chromium (90.0.4430.212-1~deb10u1) buster-security; urgency=medium

  * New upstream security release.
    - CVE-2021-30506: Incorrect security UI in Web App Installs. Reported by @retsew0x01
    - CVE-2021-30507: Inappropriate implementation in Offline. Reported by Alison Huffman
    - CVE-2021-30508: Heap buffer overflow in Media Feeds. Reported by Leecraso and Guang Gong
    - CVE-2021-30509: Out of bounds write in Tab Strip. Reported by David Erceg
    - CVE-2021-30510: Race in Aura. Reported by Weipeng Jiang
    - CVE-2021-30511: Out of bounds read in Tab Groups. Reported by David Erceg
    - CVE-2021-30512: Use after free in Notifications. Reported by ZhanJia Song
    - CVE-2021-30513: Type Confusion in V8. Reported by Man Yue Mo
    - CVE-2021-30514: Use after free in Autofill. Reported by koocola and Wang
    - CVE-2021-30515: Use after free in File API. Reported by Rong Jian and Guang Gong
    - CVE-2021-30516: Heap buffer overflow in History. Reported by ZhanJia Song
    - CVE-2021-30517: Type Confusion in V8. Reported by laural
    - CVE-2021-30518: Heap buffer overflow in Reader Mode. Reported by Jun Kokatsu
    - CVE-2021-30519: Use after free in Payments. Reported by asnine
    - CVE-2021-30520: Use after free in Tab Strip. Reported by Khalil Zhani

 -- Michael Gilbert Sat, 15 May 2021 20:39:40 +0000

chromium (90.0.4430.93-1~deb10u1) buster-security; urgency=medium

  * New upstream security release.
    - CVE-2021-21227: Insufficient data validation in V8. Reported by Gengming Liu
    - CVE-2021-21228: Insufficient policy enforcement in extensions. Reported by Rob Wu
    - CVE-2021-21229: Incorrect security UI in downloads. Reported by Mohit Raj
    - CVE-2021-21230: Type Confusion in V8. Reported by Manfred Paul
    - CVE-2021-21231: Insufficient data validation in V8. Reported by Sergei Glazunov
    - CVE-2021-21232: Use after free in Dev Tools. Reported by Abdulrahman Alqabandi
    - CVE-2021-21233: Heap buffer overflow in ANGLE.
      Reported by Omair

 -- Michael Gilbert Sat, 01 May 2021 09:35:19 +0000

chromium (90.0.4430.85-1~deb10u1) buster-security; urgency=medium

  * New upstream stable release.
    - CVE-2021-21201: Use after free in permissions. Reported by Gengming Liu and Jianyu Chen
    - CVE-2021-21202: Use after free in extensions. Reported by David Erceg
    - CVE-2021-21203: Use after free in Blink. Reported by asnine
    - CVE-2021-21204: Use after free in Blink. Reported by Chelse Tsai-Simek, Jeanette Ulloa, and Emily Voigtlander
    - CVE-2021-21205: Insufficient policy enforcement in navigation. Reported by Alison Huffman
    - CVE-2021-21221: Insufficient validation of untrusted input in Mojo. Reported by Guang Gong
    - CVE-2021-21207: Use after free in IndexedDB. Reported by koocola and Nan Wang
    - CVE-2021-21208: Insufficient data validation in QR scanner. Reported by Ahmed Elsobky
    - CVE-2021-21209: Inappropriate implementation in storage. Reported by Tom Van Goethem
    - CVE-2021-21210: Inappropriate implementation in Network. Reported by @bananabr
    - CVE-2021-21211: Inappropriate implementation in Navigation. Reported by Akash Labade
    - CVE-2021-21212: Incorrect security UI in Network Config UI. Reported by Hugo Hue and Sze Yiu Chau
    - CVE-2021-21213: Use after free in WebMIDI. Reported by raven
    - CVE-2021-21214: Use after free in Network API. Reported by Anonymous
    - CVE-2021-21215: Inappropriate implementation in Autofill. Reported by Abdulrahman Alqabandi
    - CVE-2021-21216: Inappropriate implementation in Autofill. Reported by Abdulrahman Alqabandi
    - CVE-2021-21217: Uninitialized Use in PDFium. Reported by Zhou Aiting
    - CVE-2021-21218: Uninitialized Use in PDFium. Reported by Zhou Aiting
    - CVE-2021-21219: Uninitialized Use in PDFium. Reported by Zhou Aiting
    - CVE-2021-21222: Heap buffer overflow in V8. Reported by Guang Gong
    - CVE-2021-21223: Integer overflow in Mojo. Reported by Guang Gong
    - CVE-2021-21224: Type Confusion in V8. Reported by Jose Martinez
    - CVE-2021-21225: Out of bounds memory access in V8.
      Reported by Brendon Tiszka
    - CVE-2021-21226: Use after free in navigation. Reported by Brendon Tiszka

 -- Michael Gilbert Sat, 24 Apr 2021 20:09:16 +0000

chromium (89.0.4389.114-1~deb10u1) buster-security; urgency=medium

  * New upstream security release.
    - CVE-2021-21159: Heap buffer overflow in TabStrip. Reported by Khalil Zhani
    - CVE-2021-21160: Heap buffer overflow in WebAudio. Reported by Marcin Noga
    - CVE-2021-21161: Heap buffer overflow in TabStrip. Reported by Khalil Zhani
    - CVE-2021-21162: Use after free in WebRTC. Reported by Anonymous
    - CVE-2021-21163: Insufficient data validation in Reader Mode. Reported by Alison Huffman
    - CVE-2021-21165: Object lifecycle issue in audio. Reported by Alison Huffman
    - CVE-2021-21166: Object lifecycle issue in audio. Reported by Alison Huffman
    - CVE-2021-21167: Use after free in bookmarks. Reported by Leecraso and Guang Gong
    - CVE-2021-21168: Insufficient policy enforcement in appcache. Reported by Luan Herrera
    - CVE-2021-21169: Out of bounds memory access in V8. Reported by Bohan Liu and Moon Liang
    - CVE-2021-21170: Incorrect security UI in Loader. Reported by David Erceg
    - CVE-2021-21171: Incorrect security UI in TabStrip and Navigation. Reported by Irvan Kurniawan
    - CVE-2021-21172: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski
    - CVE-2021-21173: Side-channel information leakage in Network Internals. Reported by Tom Van Goethem
    - CVE-2021-21174: Inappropriate implementation in Referrer. Reported by Ashish Gautam Kamble
    - CVE-2021-21175: Inappropriate implementation in Site isolation. Reported by Jun Kokatsu
    - CVE-2021-21176: Inappropriate implementation in full screen mode. Reported by Luan Herrera
    - CVE-2021-21177: Insufficient policy enforcement in Autofill. Reported by Abdulrahman Alqabandi
    - CVE-2021-21178: Inappropriate implementation in Compositing. Reported by Japong
    - CVE-2021-21179: Use after free in Network Internals.
      Reported by Anonymous
    - CVE-2021-21180: Use after free in tab search. Reported by Abdulrahman Alqabandi
    - CVE-2021-21181: Side-channel information leakage in autofill. Reported by Xu Lin, Panagiotis Ilias, Jason Polakis
    - CVE-2021-21182: Insufficient policy enforcement in navigations. Reported by Luan Herrera
    - CVE-2021-21183: Inappropriate implementation in performance APIs. Reported by Takashi Yoneuchi
    - CVE-2021-21184: Inappropriate implementation in performance APIs. Reported by James Hartig
    - CVE-2021-21185: Insufficient policy enforcement in extensions. Reported by David Erceg
    - CVE-2021-21186: Insufficient policy enforcement in QR scanning. Reported by dhirajkumarnifty
    - CVE-2021-21187: Insufficient data validation in URL formatting. Reported by Kirtikumar Anandrao Ramchandani
    - CVE-2021-21188: Use after free in Blink. Reported by Woojin Oh
    - CVE-2021-21189: Insufficient policy enforcement in payments. Reported by Khalil Zhani
    - CVE-2021-21190: Uninitialized Use in PDFium. Reported by Zhou Aiting
    - CVE-2021-21191: Use after free in WebRTC. Reported by raven
    - CVE-2021-21192: Heap buffer overflow in tab groups. Reported by Abdulrahman Alqabandi
    - CVE-2021-21193: Use after free in Blink. Reported by Anonymous
    - CVE-2021-21194: Use after free in screen capture. Reported by Leecraso and Guang Gong
    - CVE-2021-21195: Use after free in V8. Reported by Liu and Liang
    - CVE-2021-21196: Heap buffer overflow in TabStrip. Reported by Khalil Zhani
    - CVE-2021-21197: Heap buffer overflow in TabStrip. Reported by Abdulrahman Alqabandi
    - CVE-2021-21198: Out of bounds read in IPC. Reported by Mark Brand
    - CVE-2021-21199: Use after free in Aura. Reported by Weipeng Jiang

 -- Michael Gilbert Sun, 04 Apr 2021 13:39:43 +0000

chromium (88.0.4324.182-1~deb10u1) buster-security; urgency=medium

  * New upstream security release.
    - CVE-2021-21148: Heap buffer overflow in V8. Reported by Mattias Buelens
    - CVE-2021-21149: Stack overflow in Data Transfer.
      Reported by Ryoya Tsukasaki
    - CVE-2021-21150: Use after free in Downloads. Reported by Woojin Oh
    - CVE-2021-21151: Use after free in Payments. Reported by Khalil Zhani
    - CVE-2021-21152: Heap buffer overflow in Media. Reported by Anonymous
    - CVE-2021-21153: Stack overflow in GPU Process. Reported by Jan Ruge
    - CVE-2021-21154: Heap buffer overflow in Tab Strip. Reported by Abdulrahman Alqabandi
    - CVE-2021-21155: Heap buffer overflow in Tab Strip. Reported by Khalil Zhani
    - CVE-2021-21156: Heap buffer overflow in V8. Reported by Sergei Glazunov
    - CVE-2021-21157: Use after free in Web Sockets. Reported by Anonymous

 -- Michael Gilbert Thu, 18 Feb 2021 15:04:44 +0000

chromium (88.0.4324.146-1~deb10u1) buster-security; urgency=medium

  * New upstream stable release.
    - CVE-2021-21117: Insufficient policy enforcement in Cryptohome. Reported by Rory McNamara
    - CVE-2021-21118: Insufficient data validation in V8. Reported by Tyler Nighswander
    - CVE-2021-21119: Use after free in Media. Reported by Anonymous
    - CVE-2021-21120: Use after free in WebSQL. Reported by Nan Wang and Guang Gong
    - CVE-2021-21121: Use after free in Omnibox. Reported by Leecraso and Guang Gong
    - CVE-2021-21122: Use after free in Blink. Reported by Renata Hodovan
    - CVE-2021-21123: Insufficient data validation in File System API. Reported by Maciej Pulikowski
    - CVE-2021-21124: Potential use after free in Speech Recognizer. Reported by Chaoyang Ding
    - CVE-2021-21125: Insufficient policy enforcement in File System API. Reported by Ron Masas
    - CVE-2020-16044: Use after free in WebRTC. Reported by Ned Williamson
    - CVE-2021-21126: Insufficient policy enforcement in extensions. Reported by David Erceg
    - CVE-2021-21127: Insufficient policy enforcement in extensions. Reported by Jasminder Pal Singh
    - CVE-2021-21128: Heap buffer overflow in Blink. Reported by Liang Dong
    - CVE-2021-21129: Insufficient policy enforcement in File System API.
      Reported by Maciej Pulikowski
    - CVE-2021-21130: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski
    - CVE-2021-21131: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski
    - CVE-2021-21132: Inappropriate implementation in DevTools. Reported by David Erceg
    - CVE-2021-21133: Insufficient policy enforcement in Downloads. Reported by wester0x01
    - CVE-2021-21134: Incorrect security UI in Page Info. Reported by wester0x01
    - CVE-2021-21135: Inappropriate implementation in Performance API. Reported by ndevtk
    - CVE-2021-21136: Insufficient policy enforcement in WebView. Reported by Shiv Sahni, Movnavinothan V and Imdad Mohammed
    - CVE-2021-21137: Inappropriate implementation in DevTools. Reported by bobblybear
    - CVE-2021-21138: Use after free in DevTools. Reported by Weipeng Jiang
    - CVE-2021-21139: Inappropriate implementation in iframe sandbox. Reported by Jun Kokatsu
    - CVE-2021-21140: Uninitialized Use in USB. Reported by David Manouchehri
    - CVE-2021-21141: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski
    - CVE-2021-21142: Use after free in Payments. Reported by Khalil Zhani
    - CVE-2021-21143: Heap buffer overflow in Extensions. Reported by Allen Parker & Alex Morgan
    - CVE-2021-21144: Heap buffer overflow in Tab Groups. Reported by Leecraso and Guang Gong
    - CVE-2021-21145: Use after free in Fonts. Reported by Anonymous
    - CVE-2021-21146: Use after free in Navigation. Reported by Alison Huffman and Choongwoo Han
    - CVE-2021-21147: Inappropriate implementation in Skia. Reported by Roman Starkov

 -- Michael Gilbert Thu, 04 Feb 2021 02:00:58 +0000

chromium (87.0.4280.141-0.1~deb10u1) buster-security; urgency=high

  * Non-maintainer upload.
  * New upstream security release (closes: #979520).
    - CVE-2020-6510: Heap buffer overflow in background fetch. Reported by Leecraso and Guang Gong
    - CVE-2020-6511: Side-channel information leakage in content security policy.
      Reported by Mikhail Oblozhikhin
    - CVE-2020-6512: Type Confusion in V8. Reported by nocma, leogan, cheneyxu
    - CVE-2020-6513: Heap buffer overflow in PDFium. Reported by Aleksandar Nikolic
    - CVE-2020-6514: Inappropriate implementation in WebRTC. Reported by Natalie Silvanovich
    - CVE-2020-6515: Use after free in tab strip. Reported by DDV_UA
    - CVE-2020-6516: Policy bypass in CORS. Reported by Yongke Wang and Aryb1n
    - CVE-2020-6517: Heap buffer overflow in history. Reported by ZeKai Wu
    - CVE-2020-6518: Use after free in developer tools. Reported by David Erceg
    - CVE-2020-6519: Policy bypass in CSP. Reported by Gal Weizman
    - CVE-2020-6520: Heap buffer overflow in Skia. Reported by Zhen Zhou
    - CVE-2020-6521: Side-channel information leakage in autofill. Reported by Xu Lin, Panagiotis Ilia, Jason Polakis
    - CVE-2020-6522: Inappropriate implementation in external protocol handlers. Reported by Eric Lawrence
    - CVE-2020-6523: Out of bounds write in Skia. Reported by Liu Wei and Wu Zekai
    - CVE-2020-6524: Heap buffer overflow in WebAudio. Reported by Sung Ta
    - CVE-2020-6525: Heap buffer overflow in Skia. Reported by Zhen Zhou
    - CVE-2020-6526: Inappropriate implementation in iframe sandbox. Reported by Jonathan Kingston
    - CVE-2020-6527: Insufficient policy enforcement in CSP. Reported by Zhong Zhaochen
    - CVE-2020-6528: Incorrect security UI in basic auth. Reported by Rayyan Bijoora
    - CVE-2020-6529: Inappropriate implementation in WebRTC. Reported by kaustubhvats7
    - CVE-2020-6530: Out of bounds memory access in developer tools. Reported by myvyang
    - CVE-2020-6531: Side-channel information leakage in scroll to text. Reported by Jun Kokatsu
    - CVE-2020-6532: Use after free in SCTP. Reported by Anonymous
    - CVE-2020-6533: Type Confusion in V8. Reported by Avihay Cohen
    - CVE-2020-6534: Heap buffer overflow in WebRTC. Reported by Anonymous
    - CVE-2020-6535: Insufficient data validation in WebUI. Reported by Jun Kokatsu
    - CVE-2020-6536: Incorrect security UI in PWAs.
      Reported by Zhiyang Zeng
    - CVE-2020-6537: Type Confusion in V8. Reported by Rong Jian and Guang Gong
    - CVE-2020-6538: Inappropriate implementation in WebView. Reported by Yongke Wang and Aryb1n
    - CVE-2020-6539: Use after free in CSS. Reported by Oriol Brufau
    - CVE-2020-6540: Heap buffer overflow in Skia. Reported by Zhen Zhou
    - CVE-2020-6541: Use after free in WebUSB. Reported by Sergei Glazunov
    - CVE-2020-6542: Use after free in ANGLE. Reported by Piotr Bania
    - CVE-2020-6543: Use after free in task scheduling. Reported by Looben Yang
    - CVE-2020-6544: Use after free in media. Reported by Tim Becker
    - CVE-2020-6545: Use after free in audio. Reported by Anonymous
    - CVE-2020-6547: Incorrect security UI in media. Reported by David Albert
    - CVE-2020-6548: Heap buffer overflow in Skia. Reported by Choongwoo Han
    - CVE-2020-6549: Use after free in media. Reported by Sergei Glazunov
    - CVE-2020-6550: Use after free in IndexedDB. Reported by Sergei Glazunov
    - CVE-2020-6551: Use after free in WebXR. Reported by Sergei Glazunov
    - CVE-2020-6552: Use after free in Blink. Reported by Tim Becker
    - CVE-2020-6553: Use after free in offline mode. Reported by Alison Huffman
    - CVE-2020-6554: Use after free in extensions. Reported by Anonymous
    - CVE-2020-6555: Out of bounds read in WebGL. Reported by Marcin Towalski
    - CVE-2020-6556: Heap buffer overflow in SwiftShader. Reported by Alison Huffman
    - CVE-2020-6557: Inappropriate implementation in networking. Reported by Matthias Gierlings and Marcus Brinkmann
    - CVE-2020-6559: Use after free in presentation API. Reported by Liu Wei and Wu Zekai
    - CVE-2020-6560: Insufficient policy enforcement in autofill. Reported by Nadja Ungethuem
    - CVE-2020-6561: Inappropriate implementation in Content Security Policy. Reported by Rob Wu
    - CVE-2020-6562: Insufficient policy enforcement in Blink. Reported by Masato Kinugawa
    - CVE-2020-6563: Insufficient policy enforcement in intent handling.
      Reported by Pedro Oliveira
    - CVE-2020-6564: Incorrect security UI in permissions. Reported by Khalil Zhani
    - CVE-2020-6565: Incorrect security UI in Omnibox. Reported by Khalil Zhani
    - CVE-2020-6566: Insufficient policy enforcement in media. Reported by Jun Kokatsu
    - CVE-2020-6567: Insufficient validation of untrusted input in command line handling. Reported by Joshua Graham
    - CVE-2020-6568: Insufficient policy enforcement in intent handling. Reported by Yongke Wang and Aryb1n
    - CVE-2020-6569: Integer overflow in WebUSB. Reported by guaixiaomei
    - CVE-2020-6570: Side-channel information leakage in WebRTC. Reported by Signal/Tenable
    - CVE-2020-6571: Incorrect security UI in Omnibox. Reported by Rayyan Bijoora
    - CVE-2020-6573: Use after free in video. Reported by Leecraso and Guang Gong
    - CVE-2020-6575: Race in Mojo. Reported by Microsoft
    - CVE-2020-6576: Use after free in offscreen canvas. Reported by Looben Yang
    - CVE-2020-15959: Insufficient policy enforcement in networking. Reported by Eric Lawrence
    - CVE-2020-15960: Out of bounds read in storage. Reported by Anonymous
    - CVE-2020-15961: Insufficient policy enforcement in extensions. Reported by David Erceg
    - CVE-2020-15962: Insufficient policy enforcement in serial. Reported by Leecraso and Guang Gong
    - CVE-2020-15963: Insufficient policy enforcement in extensions. Reported by David Erceg
    - CVE-2020-15964: Insufficient data validation in media. Reported by Woojin Oh @pwn_expoit
    - CVE-2020-15965: Out of bounds write in V8. Reported by Lucas Pinheiro
    - CVE-2020-15966: Insufficient policy enforcement in extensions. Reported by David Erceg
    - CVE-2020-15967: Use after free in payments. Reported by Man Yue Mo
    - CVE-2020-15968: Use after free in Blink. Reported by Anonymous
    - CVE-2020-15969: Use after free in WebRTC. Reported by Anonymous
    - CVE-2020-15970: Use after free in NFC. Reported by Man Yue Mo
    - CVE-2020-15971: Use after free in printing. Reported by Jun Kokatsu
    - CVE-2020-15972: Use after free in audio.
      Reported by Anonymous
    - CVE-2020-15973: Insufficient policy enforcement in extensions. Reported by David Erceg
    - CVE-2020-15974: Integer overflow in Blink. Reported by Juno Im
    - CVE-2020-15975: Integer overflow in SwiftShader. Reported by Anonymous
    - CVE-2020-15976: Use after free in WebXR. Reported by YoungJoo Lee
    - CVE-2020-15977: Insufficient data validation in dialogs. Reported by Narendra Bhati
    - CVE-2020-15978: Insufficient data validation in navigation. Reported by Luan Herrera
    - CVE-2020-15979: Inappropriate implementation in V8. Reported by Avihay Cohen
    - CVE-2020-15980: Insufficient policy enforcement in Intents. Reported by Yongke Wang and Aryb1n
    - CVE-2020-15981: Out of bounds read in audio. Reported by Christoph Guttandin
    - CVE-2020-15982: Side-channel information leakage in cache. Reported by Luan Herrera
    - CVE-2020-15983: Insufficient data validation in webUI. Reported by Jun Kokatsu
    - CVE-2020-15984: Insufficient policy enforcement in Omnibox. Reported by Rayyan Bijoora
    - CVE-2020-15985: Inappropriate implementation in Blink. Reported by Abdulrahman Alqabandi
    - CVE-2020-15986: Integer overflow in media. Reported by Mark Brand
    - CVE-2020-15987: Use after free in WebRTC. Reported by Philipp Hancke
    - CVE-2020-15988: Insufficient policy enforcement in downloads. Reported by Samuel Attard
    - CVE-2020-15989: Uninitialized Use in PDFium. Reported by Gareth Evans
    - CVE-2020-15990: Use after free in autofill. Reported by Rong Jian and Guang Gong
    - CVE-2020-15991: Use after free in password manager. Reported by Rong Jian and Guang Gong
    - CVE-2020-15992: Insufficient policy enforcement in networking. Reported by Alison Huffman
    - CVE-2020-15995: Out of bounds write in V8. Reported by Bohan Liu
    - CVE-2020-15999: Heap buffer overflow in Freetype. Reported by Sergei
    - CVE-2020-16000: Inappropriate implementation in Blink. Reported by amaebi_jp
    - CVE-2020-16001: Use after free in media. Reported by Khalil Zhani
    - CVE-2020-16002: Use after free in PDFium.
      Reported by Weipeng Jiang
    - CVE-2020-16003: Use after free in printing. Reported by Khalil Zhani
    - CVE-2020-16004: Use after free in user interface. Reported by Leecraso and Guang Gong
    - CVE-2020-16005: Insufficient policy enforcement in ANGLE. Reported by Jaehun Jeong
    - CVE-2020-16006: Inappropriate implementation in V8. Reported by Bill Parks
    - CVE-2020-16008: Stack buffer overflow in WebRTC. Reported by Tolya Korniltsev
    - CVE-2020-16009: Inappropriate implementation in V8. Reported by Clement Lecigne and Samuel Groß
    - CVE-2020-16012: Side-channel information leakage in graphics. Reported by Aleksejs Popovs
    - CVE-2020-16013: Inappropriate implementation in V8. Reported by Anonymous
    - CVE-2020-16014: Use after free in PPAPI. Reported by Rong Jian and Leecraso
    - CVE-2020-16015: Insufficient data validation in WASM. Reported by Rong Jian and Leecraso
    - CVE-2020-16016: Inappropriate implementation in base. Reported by Rong Jian and Leecraso
    - CVE-2020-16017: Use after free in site isolation. Reported by Anonymous
    - CVE-2020-16018: Use after free in payments. Reported by Man Yue Mo
    - CVE-2020-16019: Inappropriate implementation in filesystem. Reported by Rory McNamara
    - CVE-2020-16020: Inappropriate implementation in cryptohome. Reported by Rory McNamara
    - CVE-2020-16021: Race in ImageBurner. Reported by Rory McNamara
    - CVE-2020-16022: Insufficient policy enforcement in networking. Reported by @SamyKamkar
    - CVE-2020-16023: Use after free in WebCodecs. Reported by Brendon Tiszka and David Manouchehri
    - CVE-2020-16024: Heap buffer overflow in UI. Reported by Sergei Glazunov
    - CVE-2020-16025: Heap buffer overflow in clipboard. Reported by Sergei Glazunov
    - CVE-2020-16026: Use after free in WebRTC. Reported by Jong-Gwon Kim
    - CVE-2020-16027: Insufficient policy enforcement in developer tools. Reported by David Erceg
    - CVE-2020-16028: Heap buffer overflow in WebRTC. Reported by asnine
    - CVE-2020-16029: Inappropriate implementation in PDFium.
      Reported by Anonymous
    - CVE-2020-16030: Insufficient data validation in Blink. Reported by Michał Bentkowski
    - CVE-2020-16031: Incorrect security UI in tab preview. Reported by wester0x01
    - CVE-2020-16032: Incorrect security UI in sharing. Reported by wester0x01
    - CVE-2020-16033: Incorrect security UI in WebUSB. Reported by Khalil Zhani
    - CVE-2020-16034: Inappropriate implementation in WebRTC. Reported by Benjamin Petermaier
    - CVE-2020-16035: Insufficient data validation in cros-disks. Reported by Rory McNamara
    - CVE-2020-16036: Inappropriate implementation in cookies. Reported by Jun Kokatsu @shhnjk
    - CVE-2020-16037: Use after free in clipboard. Reported by Ryoya Tsukasaki
    - CVE-2020-16038: Use after free in media. Reported by Khalil Zhani
    - CVE-2020-16039: Use after free in extensions. Reported by Anonymous
    - CVE-2020-16040: Insufficient data validation in V8. Reported by Lucas Pinheiro
    - CVE-2020-16041: Out of bounds read in networking. Reported by Sergei Glazunov and Mark Brand
    - CVE-2020-16042: Uninitialized Use in V8. Reported by André Bargull
    - CVE-2021-21106: Use after free in autofill. Reported by Weipeng Jiang
    - CVE-2021-21107: Use after free in drag and drop. Reported by Leecraso and Guang Gong
    - CVE-2021-21108: Use after free in media. Reported by Leecraso and Guang Gong
    - CVE-2021-21109: Use after free in payments. Reported by Rong Jian and Guang Gong
    - CVE-2021-21110: Use after free in safe browsing. Reported by Anonymous
    - CVE-2021-21111: Insufficient policy enforcement in WebUI. Reported by Alesandro Ortiz
    - CVE-2021-21112: Use after free in Blink. Reported by YoungJoo Lee
    - CVE-2021-21113: Heap buffer overflow in Skia. Reported by tsubmunu
    - CVE-2020-16043: Insufficient data validation in networking. Reported by Samy Kamkar, Ben Seri at Armis, Gregory Vishnepolsky
    - CVE-2021-21114: Use after free in audio. Reported by Man Yue Mo
    - CVE-2021-21115: Use after free in safe browsing.
      Reported by Leecraso and Guang Gong
    - CVE-2021-21116: Heap buffer overflow in audio. Reported by Alison Huffman
  * Use desktop gl implementation as default (closes: #979135).
  * Add 64-bit time syscalls to syscall whitelist and clock selection parameter filtering code.

 -- Jan Luca Naumann Mon, 11 Jan 2021 17:04:13 +0100

chromium (83.0.4103.116-1~deb10u3) buster-security; urgency=medium

  * Fix crashes when a connection error occurs (closes: #963548).

 -- Michael Gilbert Sun, 12 Jul 2020 07:08:46 -0400

chromium (83.0.4103.116-1~deb10u2) buster-security; urgency=medium

  * Rebuild with optimization (closes: #964145).

 -- Michael Gilbert Fri, 03 Jul 2020 22:31:38 -0400

chromium (83.0.4103.116-1~deb10u1) buster-security; urgency=medium

  * New upstream stable release.
    - CVE-2020-6423: Use after free in audio. Reported by Anonymous
    - CVE-2020-6430: Type Confusion in V8. Reported by Avihay Cohen
    - CVE-2020-6431: Insufficient policy enforcement in full screen. Reported by Luan Herrera
    - CVE-2020-6432: Insufficient policy enforcement in navigations. Reported by David Erceg
    - CVE-2020-6433: Insufficient policy enforcement in extensions. Reported by David Erceg
    - CVE-2020-6434: Use after free in devtools. Reported by HyungSeok Han
    - CVE-2020-6435: Insufficient policy enforcement in extensions. Reported by Sergei Glazunov
    - CVE-2020-6436: Use after free in window management. Reported by Igor Bukanov
    - CVE-2020-6437: Inappropriate implementation in WebView. Reported by Jann Horn
    - CVE-2020-6438: Insufficient policy enforcement in extensions. Reported by Ng Yik Phang
    - CVE-2020-6439: Insufficient policy enforcement in navigations. Reported by remkoboonstra
    - CVE-2020-6440: Inappropriate implementation in extensions. Reported by David Erceg
    - CVE-2020-6441: Insufficient policy enforcement in omnibox. Reported by David Erceg
    - CVE-2020-6442: Inappropriate implementation in cache. Reported by B@rMey
    - CVE-2020-6443: Insufficient data validation in developer tools.
      Reported by @lovasoa
    - CVE-2020-6444: Uninitialized use in WebRTC. Reported by mlfbrown
    - CVE-2020-6445: Insufficient policy enforcement in trusted types. Reported by Jun Kokatsu
    - CVE-2020-6446: Insufficient policy enforcement in trusted types. Reported by Jun Kokatsu
    - CVE-2020-6447: Inappropriate implementation in developer tools. Reported by David Erceg
    - CVE-2020-6448: Use after free in V8. Reported by Guang Gong
    - CVE-2020-6454: Use after free in extensions. Reported by leecraso and Guang Gong
    - CVE-2020-6455: Out of bounds read in WebSQL. Reported by Nan Wang and Guang Gong
    - CVE-2020-6456: Insufficient validation of untrusted input in clipboard. Reported by Michał Bentkowski
    - CVE-2020-6457: Use after free in speech recognizer. Reported by Leecraso and Guang Gong
    - CVE-2020-6458: Out of bounds read and write in PDFium. Reported by Aleksandar Nikolic
    - CVE-2020-6459: Use after free in payments. Reported by Zhe Jin
    - CVE-2020-6460: Insufficient data validation in URL formatting. Reported by Anonymous
    - CVE-2020-6461: Use after free in storage. Reported by Zhe Jin
    - CVE-2020-6462: Use after free in task scheduling. Reported by Zhe Jin
    - CVE-2020-6463: Use after free in ANGLE. Reported by Pawel Wylecial
    - CVE-2020-6464: Type Confusion in Blink. Reported by Looben Yang
    - CVE-2020-6465: Use after free in reader mode. Reported by Woojin Oh
    - CVE-2020-6466: Use after free in media. Reported by Zhe Jin
    - CVE-2020-6467: Use after free in WebRTC. Reported by ZhanJia Song
    - CVE-2020-6468: Type Confusion in V8. Reported by Chris Salls and Jake Corina
    - CVE-2020-6469: Insufficient policy enforcement in developer tools. Reported by David Erceg
    - CVE-2020-6470: Insufficient validation of untrusted input in clipboard. Reported by Michał Bentkowski
    - CVE-2020-6471: Insufficient policy enforcement in developer tools. Reported by David Erceg
    - CVE-2020-6472: Insufficient policy enforcement in developer tools.
      Reported by David Erceg
    - CVE-2020-6473: Insufficient policy enforcement in Blink. Reported by Soroush Karami and Panagiotis Ilia
    - CVE-2020-6474: Use after free in Blink. Reported by Zhe Jin
    - CVE-2020-6475: Incorrect security UI in full screen. Reported by Khalil Zhani
    - CVE-2020-6476: Insufficient policy enforcement in tab strip. Reported by Alexandre Le Borgne
    - CVE-2020-6478: Inappropriate implementation in full screen. Reported by Khalil Zhani
    - CVE-2020-6479: Inappropriate implementation in sharing. Reported by Zhong Zhaochen
    - CVE-2020-6480: Insufficient policy enforcement in enterprise. Reported by Marvin Witt
    - CVE-2020-6481: Insufficient policy enforcement in URL formatting. Reported by Rayyan Bijoora
    - CVE-2020-6482: Insufficient policy enforcement in developer tools. Reported by Abdulrahman Alqabandi
    - CVE-2020-6483: Insufficient policy enforcement in payments. Reported by Jun Kokatsu
    - CVE-2020-6484: Insufficient data validation in ChromeDriver. Reported by Artem Zinenko
    - CVE-2020-6485: Insufficient data validation in media router. Reported by Sergei Glazunov
    - CVE-2020-6486: Insufficient policy enforcement in navigations. Reported by David Erceg
    - CVE-2020-6487: Insufficient policy enforcement in downloads. Reported by Jun Kokatsu
    - CVE-2020-6488: Insufficient policy enforcement in downloads. Reported by David Erceg
    - CVE-2020-6489: Inappropriate implementation in developer tools. Reported by @lovasoa
    - CVE-2020-6490: Insufficient data validation in loader. Reported by Twitter
    - CVE-2020-6491: Incorrect security UI in site information. Reported by Sultan Haikal
    - CVE-2020-6493: Use after free in WebAuthentication. Reported by Anonymous
    - CVE-2020-6494: Incorrect security UI in payments. Reported by Juho Nurminen
    - CVE-2020-6495: Insufficient policy enforcement in developer tools. Reported by David Erceg
    - CVE-2020-6496: Use after free in payments. Reported by Khalil Zhani
    - CVE-2020-6497: Insufficient policy enforcement in Omnibox.
      Reported by Rayyan Bijoora
    - CVE-2020-6498: Incorrect security UI in progress display. Reported by Rayyan Bijoora
    - CVE-2020-6505: Use after free in speech. Reported by Khalil Zhani
    - CVE-2020-6506: Insufficient policy enforcement in WebView. Reported by Alesandro Ortiz
    - CVE-2020-6507: Out of bounds write in V8. Reported by Sergei Glazunov
    - CVE-2020-6509: Use after free in extensions. Reported by Anonymous
    - CVE-2020-6831: Stack buffer overflow in SCTP. Reported by Natalie Silvanovich

 -- Michael Gilbert Fri, 26 Jun 2020 23:52:43 -0400

chromium (80.0.3987.162-1~deb10u1) buster-security; urgency=medium

  * New upstream security release.
    - CVE-2020-6450: Use after free in WebAudio. Reported by Man Yue Mo
    - CVE-2020-6451: Use after free in WebAudio. Reported by Man Yue Mo
    - CVE-2020-6452: Heap buffer overflow in media. Reported by asnine

 -- Michael Gilbert Thu, 02 Apr 2020 22:23:57 +0000

chromium (80.0.3987.149-1~deb10u1) buster-security; urgency=medium

  * New upstream security release.
    - CVE-2019-20503: Out of bounds read in usersctplib. Reported by Natalie Silvanovich
    - CVE-2020-6422: Use after free in WebGL. Reported by David Manouchehri
    - CVE-2020-6424: Use after free in media. Reported by Sergei Glazunov
    - CVE-2020-6425: Insufficient policy enforcement in extensions. Reported by Sergei Glazunov
    - CVE-2020-6426: Inappropriate implementation in V8. Reported by Avihay Cohen
    - CVE-2020-6427: Use after free in audio. Reported by Man Yue Mo
    - CVE-2020-6428: Use after free in audio. Reported by Man Yue Mo
    - CVE-2020-6429: Use after free in audio. Reported by Man Yue Mo
    - CVE-2020-6449: Use after free in audio. Reported by Man Yue Mo

 -- Michael Gilbert Sat, 21 Mar 2020 14:56:46 +0000

chromium (80.0.3987.132-1~deb10u1) buster-security; urgency=medium

  * New upstream security release.
    - CVE-2019-19923: Out of bounds memory access in SQLite. Reported by Richard Lorenz
    - CVE-2019-19925: Vulnerability in SQLite.
      Reported by Richard Lorenz
    - CVE-2019-19926: Inappropriate implementation in SQLite. Reported by Richard Lorenz
    - CVE-2019-19880: Vulnerability in SQLite. Reported by Richard Lorenz
    - CVE-2020-6381: Integer overflow in JavaScript. Reported by The UK's National Cyber Security Centre
    - CVE-2020-6382: Type Confusion in JavaScript. Reported by Soyeon Park and Wen Xu
    - CVE-2020-6383: Type confusion in V8. Reported by Sergei Glazunov
    - CVE-2020-6384: Use after free in WebAudio. Reported by David Manouchehri
    - CVE-2020-6385: Insufficient policy enforcement in storage. Reported by Sergei Glazunov
    - CVE-2020-6386: Use after free in speech. Reported by Zhe Jin
    - CVE-2020-6387: Out of bounds write in WebRTC. Reported by Natalie Silvanovich
    - CVE-2020-6388: Out of bounds memory access in WebAudio. Reported by Sergei Glazunov
    - CVE-2020-6389: Out of bounds write in WebRTC. Reported by Natalie Silvanovich
    - CVE-2020-6390: Out of bounds memory access in streams. Reported by Sergei Glazunov
    - CVE-2020-6391: Insufficient validation of untrusted input in Blink. Reported by Michał Bentkowski
    - CVE-2020-6392: Insufficient policy enforcement in extensions. Reported by Microsoft Edge Team
    - CVE-2020-6393: Insufficient policy enforcement in Blink. Reported by Mark Amery
    - CVE-2020-6394: Insufficient policy enforcement in Blink. Reported by Phil Freo
    - CVE-2020-6395: Out of bounds read in JavaScript. Reported by Pierre Langlois
    - CVE-2020-6396: Inappropriate implementation in Skia. Reported by William Luc Ritchie
    - CVE-2020-6397: Incorrect security UI in sharing. Reported by Khalil Zhani
    - CVE-2020-6398: Uninitialized use in PDFium. Reported by pdknsk
    - CVE-2020-6399: Insufficient policy enforcement in AppCache. Reported by Luan Herrera
    - CVE-2020-6400: Inappropriate implementation in CORS. Reported by Takashi Yoneuchi
    - CVE-2020-6401: Insufficient validation of untrusted input in Omnibox. Reported by Tzachy Horesh
    - CVE-2020-6402: Insufficient policy enforcement in downloads.
      Reported by Vladimir Metnew
    - CVE-2020-6403: Incorrect security UI in Omnibox. Reported by Khalil Zhani
    - CVE-2020-6404: Inappropriate implementation in Blink. Reported by kanchi
    - CVE-2020-6405: Out of bounds read in SQLite. Reported by Yongheng Chen and Rui Zhong
    - CVE-2020-6406: Use after free in audio. Reported by Sergei Glazunov
    - CVE-2020-6407: Out of bounds memory access in streams. Reported by Sergei Glazunov
    - CVE-2020-6408: Insufficient policy enforcement in CORS. Reported by Zhong Zhaochen
    - CVE-2020-6409: Inappropriate implementation in Omnibox. Reported by Divagar S and Bharathi V
    - CVE-2020-6410: Insufficient policy enforcement in navigation. Reported by evi1m0
    - CVE-2020-6411: Insufficient validation of untrusted input in Omnibox. Reported by Khalil Zhani
    - CVE-2020-6412: Insufficient validation of untrusted input in Omnibox. Reported by Zihan Zheng
    - CVE-2020-6413: Inappropriate implementation in Blink. Reported by Michał Bentkowski
    - CVE-2020-6414: Insufficient policy enforcement in Safe Browsing. Reported by Lijo A.T
    - CVE-2020-6415: Inappropriate implementation in JavaScript. Reported by Avihay Cohen
    - CVE-2020-6416: Insufficient data validation in streams. Reported by Woojin Oh
    - CVE-2020-6418: Type confusion in V8. Reported by Clement Lecigne
    - CVE-2020-6420: Insufficient policy enforcement in media. Reported by Taras Uzdenov

 -- Michael Gilbert Sun, 08 Mar 2020 12:30:34 +0000

chromium (79.0.3945.130-1~deb10u1) buster-security; urgency=medium

  * New upstream security release.
    - CVE-2020-6377: Use after free in audio. Reported by Zhe Jin
    - CVE-2020-6378: Use-after-free in speech recognizer. Reported by Antti Levomäki and Christian Jalio
    - CVE-2020-6379: Use-after-free in speech recognizer. Reported by Guang Gong
    - CVE-2020-6380: Extension message verification error. Reported by Sergei Glazunov
    - CVE-2019-13725: Use after free in Bluetooth. Reported by Gengming Liu and Jianyu Chen
    - CVE-2019-13726: Heap buffer overflow in password manager.
      Reported by Sergei Glazunov
    - CVE-2019-13727: Insufficient policy enforcement in WebSockets. Reported by @piochu
    - CVE-2019-13728: Out of bounds write in V8. Reported by Rong Jian and Guang Gong
    - CVE-2019-13729: Use after free in WebSockets. Reported by Zhe Jin
    - CVE-2019-13730: Type Confusion in V8. Reported by Soyeon Park and Wen Xu
    - CVE-2019-13732: Use after free in WebAudio. Reported by Sergei Glazunov
    - CVE-2019-13734: Out of bounds write in SQLite. Reported by Wenxiang Qian
    - CVE-2019-13735: Out of bounds write in V8. Reported by Gengming Liu and Zhen Feng
    - CVE-2019-13764: Type Confusion in V8. Reported by Soyeon Park and Wen Xu
    - CVE-2019-13736: Integer overflow in PDFium. Reported by Anonymous
    - CVE-2019-13737: Insufficient policy enforcement in autocomplete. Reported by Mark Amery
    - CVE-2019-13738: Insufficient policy enforcement in navigation. Reported by Johnathan Norman and Daniel Clark
    - CVE-2019-13739: Incorrect security UI in Omnibox. Reported by xisigr
    - CVE-2019-13740: Incorrect security UI. Reported by Khalil Zhani
    - CVE-2019-13741: Insufficient validation of untrusted input in Blink. Reported by Michał Bentkowski
    - CVE-2019-13742: Incorrect security UI in Omnibox. Reported by Khalil Zhani
    - CVE-2019-13743: Incorrect security UI in external protocol handling. Reported by Zhiyang Zeng
    - CVE-2019-13744: Insufficient policy enforcement in cookies. Reported by Prakash
    - CVE-2019-13745: Insufficient policy enforcement in audio. Reported by Luan Herrera
    - CVE-2019-13746: Insufficient policy enforcement in Omnibox. Reported by David Erceg
    - CVE-2019-13747: Uninitialized Use in rendering. Reported by Ivan Popelyshev and André Bonatti
    - CVE-2019-13748: Insufficient policy enforcement in developer tools. Reported by David Erceg
    - CVE-2019-13749: Incorrect security UI in Omnibox. Reported by Khalil Zhani
    - CVE-2019-13750: Insufficient data validation in SQLite. Reported by Wenxiang Qian
    - CVE-2019-13751: Uninitialized Use in SQLite.
      Reported by Wenxiang Qian
    - CVE-2019-13752: Out of bounds read in SQLite. Reported by Wenxiang Qian
    - CVE-2019-13753: Out of bounds read in SQLite. Reported by Wenxiang Qian
    - CVE-2019-13754: Insufficient policy enforcement in extensions. Reported by Cody Crews
    - CVE-2019-13755: Insufficient policy enforcement in extensions. Reported by Masato Kinugawa
    - CVE-2019-13756: Incorrect security UI in printing. Reported by Khalil Zhani
    - CVE-2019-13757: Incorrect security UI in Omnibox. Reported by Khalil Zhani
    - CVE-2019-13758: Insufficient policy enforcement in navigation. Reported by Khalil Zhani
    - CVE-2019-13759: Incorrect security UI. Reported by Wenxu Wu
    - CVE-2019-13761: Incorrect security UI in Omnibox. Reported by Khalil Zhani
    - CVE-2019-13762: Insufficient policy enforcement in downloads. Reported by csanuragjain
    - CVE-2019-13763: Insufficient policy enforcement in payments. Reported by weiwangpp93
    - CVE-2019-13767: Use after free in media picker. Reported by Sergei Glazunov

 -- Michael Gilbert Sun, 19 Jan 2020 15:22:38 +0000

chromium (78.0.3904.108-1~deb10u1) buster-security; urgency=medium

  * New upstream security release.
    - CVE-2019-13723: Use-after-free in Bluetooth. Reported by Yuxiang Li
    - CVE-2019-13724: Out-of-bounds in Bluetooth. Reported by Yuxiang Li

 -- Michael Gilbert Fri, 22 Nov 2019 01:09:41 +0000

chromium (78.0.3904.97-1~deb10u1) buster-security; urgency=medium

  * New upstream stable release.
    - CVE-2019-5869: Use-after-free in Blink. Reported by Zhe Jin
    - CVE-2019-5870: Use-after-free in media. Reported by Guang Gong
    - CVE-2019-5871: Heap overflow in Skia. Reported by Anonymous
    - CVE-2019-5872: Use-after-free in Mojo. Reported by Zhe Jin
    - CVE-2019-5874: External URIs may trigger other browsers. Reported by James Lee
    - CVE-2019-5875: URL bar spoof. Reported by Khalil Zhani
    - CVE-2019-5876: Use-after-free in media. Reported by Man Yue Mo
    - CVE-2019-5877: Out-of-bounds access in V8. Reported by Guang Gong
    - CVE-2019-5878: Use-after-free in V8.
      Reported by Guang Gong
    - CVE-2019-5879: Extensions can read some local files. Reported by Jinseo Kim
    - CVE-2019-5880: SameSite cookie bypass. Reported by Jun Kokatsu
    - CVE-2019-13659: URL spoof. Reported by Lnyas Zhang
    - CVE-2019-13660: Full screen notification overlap. Reported by Wenxu Wu
    - CVE-2019-13661: Full screen notification spoof. Reported by Wenxu Wu
    - CVE-2019-13662: CSP bypass. Reported by David Erceg
    - CVE-2019-13663: IDN spoof. Reported by Lnyas Zhang
    - CVE-2019-13664: CSRF bypass. Reported by thomas "zemnmez" shadwell
    - CVE-2019-13665: Multiple file download protection bypass. Reported by Jun Kokatsu
    - CVE-2019-13666: Side channel using storage size estimate. Reported by Tom Van Goethem
    - CVE-2019-13667: URI bar spoof when using external app URIs. Reported by Khalil Zhani
    - CVE-2019-13668: Global window leak via console. Reported by David Erceg
    - CVE-2019-13669: HTTP authentication spoof. Reported by Khalil Zhani
    - CVE-2019-13670: V8 memory corruption in regex. Reported by Guang Gong
    - CVE-2019-13671: Dialog box fails to show origin. Reported by xisigr
    - CVE-2019-13673: Cross-origin information leak using devtools. Reported by David Erceg
    - CVE-2019-13674: IDN spoofing. Reported by Khalil Zhani
    - CVE-2019-13675: Extensions can be disabled by trailing slash. Reported by Jun Kokatsu
    - CVE-2019-13676: Google URI shown for certificate warning. Reported by Wenxu Wu
    - CVE-2019-13677: Chrome web store origin needs to be isolated. Reported by Jun Kokatsu
    - CVE-2019-13678: Download dialog spoofing. Reported by Ronni Skansing
    - CVE-2019-13679: User gesture needed for printing. Reported by Conrad Irwin
    - CVE-2019-13680: IP address spoofing to servers. Reported by Thijs Alkemade
    - CVE-2019-13681: Bypass on download restrictions. Reported by David Erceg
    - CVE-2019-13682: Site isolation bypass. Reported by Jun Kokatsu
    - CVE-2019-13683: Exceptions leaked by devtools. Reported by David Erceg
    - CVE-2019-13685: Use-after-free in UI.
      Reported by Khalil Zhani
    - CVE-2019-13686: Use-after-free in offline pages. Reported by Brendon
    - CVE-2019-13687: Use-after-free in media. Reported by Man Yue Mo
    - CVE-2019-13688: Use-after-free in media. Reported by Man Yue Mo Tiszka
    - CVE-2019-13691: Omnibox spoof. Reported by David Erceg
    - CVE-2019-13692: SOP bypass. Reported by Jun Kokatsu
    - CVE-2019-13693: Use-after-free in IndexedDB. Reported by Guang Gong
    - CVE-2019-13694: Use-after-free in WebRTC. Reported by banananapenguin
    - CVE-2019-13695: Use-after-free in audio. Reported by Man Yue Mo
    - CVE-2019-13696: Use-after-free in V8. Reported by Guang Gong
    - CVE-2019-13697: Cross-origin size leak. Reported by Luan Herrera
    - CVE-2019-13699: Use-after-free in media. Reported by Man Yue Mo
    - CVE-2019-13700: Buffer overrun in Blink. Reported by Man Yue Mo
    - CVE-2019-13701: URL spoof in navigation. Reported by David Erceg
    - CVE-2019-13703: URL bar spoofing. Reported by Khalil Zhani
    - CVE-2019-13704: CSP bypass. Reported by Jun Kokatsu
    - CVE-2019-13705: Extension permission bypass. Reported by Luan Herrera
    - CVE-2019-13706: Out-of-bounds read in PDFium. Reported by pdknsk
    - CVE-2019-13707: File storage disclosure. Reported by Andrea Palazzo
    - CVE-2019-13708: HTTP authentication spoof. Reported by Khalil Zhani
    - CVE-2019-13709: File download protection bypass. Reported by Zhong Zhaochen
    - CVE-2019-13710: File download protection bypass. Reported by bernardo.mrod
    - CVE-2019-13711: Cross-context information leak. Reported by David Erceg
    - CVE-2019-13713: Cross-origin data leak. Reported by David Erceg
    - CVE-2019-13714: CSS injection. Reported by Jun Kokatsu
    - CVE-2019-13715: Address bar spoofing. Reported by xisigr
    - CVE-2019-13716: Service worker state error. Reported by Barron Hagerman
    - CVE-2019-13717: Notification obscured. Reported by xisigr
    - CVE-2019-13718: IDN spoof. Reported by Khalil Zhani
    - CVE-2019-13719: Notification obscured. Reported by Khalil Zhani
    - CVE-2019-13720: Use-after-free in audio.
      Reported by Anton Ivanov and Alexey Kulaev
    - CVE-2019-13721: Use-after-free in PDFium. Reported by banananapenguin

 -- Michael Gilbert Sat, 09 Nov 2019 19:01:23 +0000

chromium (76.0.3809.100-1~deb10u1) buster-security; urgency=medium

  * New upstream stable release.
    - CVE-2019-5805: Use after free in PDFium. Reported by Anonymous
    - CVE-2019-5806: Integer overflow in Angle. Reported by Wen Xu
    - CVE-2019-5807: Memory corruption in V8. Reported by TimGMichaud
    - CVE-2019-5808: Use after free in Blink. Reported by cloudfuzzer
    - CVE-2019-5809: Use after free in Blink. Reported by Mark Brand
    - CVE-2019-5810: User information disclosure in Autofill. Reported by Mark Amery
    - CVE-2019-5811: CORS bypass in Blink. Reported by Jun Kokatsu
    - CVE-2019-5813: Out of bounds read in V8. Reported by Aleksandar Nikolic
    - CVE-2019-5814: CORS bypass in Blink. Reported by @AaylaSecura1138
    - CVE-2019-5815: Heap buffer overflow in Blink. Reported by Nicolas Grégoire
    - CVE-2019-5818: Uninitialized value in media reader. Reported by Adrian Tolbaru
    - CVE-2019-5819: Incorrect escaping in developer tools. Reported by Svyat Mitin
    - CVE-2019-5820: Integer overflow in PDFium. Reported by pdknsk
    - CVE-2019-5821: Integer overflow in PDFium. Reported by pdknsk
    - CVE-2019-5822: CORS bypass in download manager. Reported by Jun Kokatsu
    - CVE-2019-5823: Forced navigation from service worker. Reported by David Erceg
    - CVE-2019-5824: Parameter passing error in media player. Reported by leecraso and Guang Gong
    - CVE-2019-5825: Out-of-bounds write in V8. Reported by Gengming Liu, Jianyu Chen, Zhen Feng, and Jessica Liu
    - CVE-2019-5826: Use-after-free in IndexedDB. Reported by Gengming Liu, Jianyu Chen, Zhen Feng, and Jessica Liu
    - CVE-2019-5827: Out-of-bounds access issue in SQLite. Reported by mlfbrown
    - CVE-2019-5828: Use after free in ServiceWorker. Reported by leecraso and Guang Gong
    - CVE-2019-5829: Use after free in Download Manager.
      Reported by Lucas Pinheiro
    - CVE-2019-5830: Incorrectly credentialed requests in CORS. Reported by Andrew Krasichkov
    - CVE-2019-5831: Incorrect map processing in V8. Reported by yngwei
    - CVE-2019-5832: Incorrect CORS handling in XHR. Reported by Sergey Shekyan
    - CVE-2019-5833: Inconsistent security UI placement. Reported by Khalil Zhani
    - CVE-2019-5835: Out of bounds read in Swiftshader. Reported by Wenxiang Qian
    - CVE-2019-5836: Heap buffer overflow in Angle. Reported by Omair
    - CVE-2019-5837: Cross-origin resources size disclosure in Appcache. Reported by Adam Iwaniuk
    - CVE-2019-5838: Overly permissive tab access in Extensions. Reported by David Erceg
    - CVE-2019-5839: Incorrect handling of certain code points in Blink. Reported by Masato Kinugawa
    - CVE-2019-5840: Popup blocker bypass. Reported by Eliya Stein and Jerome Dangu
    - CVE-2019-5842: Use-after-free in Blink. Reported by BUGFENSE
    - CVE-2019-5847: V8 sealed/frozen elements cause crash. Reported by m3plex
    - CVE-2019-5848: Font sizes may expose sensitive information. Reported by Mark Amery
    - CVE-2019-5849: Out-of-bounds read in Skia. Reported by Zhen Zhou
    - CVE-2019-5850: Use-after-free in offline page fetcher. Reported by Brendon Tiszka
    - CVE-2019-5851: Use-after-poison in offline audio context. Reported by Zhe Jin
    - CVE-2019-5852: Object leak of utility functions. Reported by David Erceg
    - CVE-2019-5853: Memory corruption in regexp length check. Reported by yngwei and sakura
    - CVE-2019-5854: Integer overflow in PDFium text rendering. Reported by Zhen Zhou
    - CVE-2019-5855: Integer overflow in PDFium. Reported by Zhen Zhou
    - CVE-2019-5856: Insufficient checks on filesystem: URI permissions. Reported by Yongke Wang
    - CVE-2019-5857: Comparison of -0 and null yields crash. Reported by cloudfuzzer
    - CVE-2019-5858: Insufficient filtering of Open URL service parameters. Reported by evi1m0
    - CVE-2019-5859: res: URIs can load alternative browsers. Reported by James Lee
    - CVE-2019-5860: Use-after-free in PDFium.
      Reported by Anonymous
    - CVE-2019-5861: Click location incorrectly checked. Reported by Robin Linus
    - CVE-2019-5862: AppCache not robust to compromised renderers. Reported by Jun Kokatsu
    - CVE-2019-5864: Insufficient port filtering in CORS for extensions. Reported by Devin Grindle
    - CVE-2019-5865: Site isolation bypass from compromised renderer. Reported by Ivan Fratric
    - CVE-2019-5867: Out-of-bounds read in V8. Reported by Lucas Pinheiro
    - CVE-2019-5868: Use-after-free in PDFium ExecuteFieldAction. Reported by banananapenguin

 -- Michael Gilbert Sat, 10 Aug 2019 01:11:21 +0000

chromium (73.0.3683.75-1) unstable; urgency=medium

  * New upstream stable release.
    - CVE-2019-5787: Use after free in Canvas. Reported by Zhe Jin
    - CVE-2019-5788: Use after free in FileAPI. Reported by Mark Brand
    - CVE-2019-5789: Use after free in WebMIDI. Reported by Mark Brand
    - CVE-2019-5790: Heap buffer overflow in V8. Reported by Dimitri Fourny
    - CVE-2019-5791: Type confusion in V8. Reported by Choongwoo Han
    - CVE-2019-5792: Integer overflow in PDFium. Reported by pdknsk
    - CVE-2019-5793: Excessive permissions for private API in Extensions. Reported by Jun Kokatsu
    - CVE-2019-5794: Security UI spoofing. Reported by Juno Im of Theori
    - CVE-2019-5795: Integer overflow in PDFium. Reported by pdknsk
    - CVE-2019-5796: Race condition in Extensions. Reported by Mark Brand
    - CVE-2019-5797: Race condition in DOMStorage. Reported by Mark Brand
    - CVE-2019-5798: Out of bounds read in Skia. Reported by Tran Tien Hung
    - CVE-2019-5799: CSP bypass with blob URL. Reported by sohalt
    - CVE-2019-5800: CSP bypass with blob URL. Reported by Jun Kokatsu
    - CVE-2019-5802: Security UI spoofing. Reported by Ronni Skansing
    - CVE-2019-5803: CSP bypass with Javascript URLs. Reported by Andrew Comminos

 -- Michael Gilbert Tue, 19 Mar 2019 02:19:17 +0000

chromium (73.0.3683.56-2) experimental; urgency=medium

  * Fix build failure on armhf.

 -- Michael Gilbert Sun, 10 Mar 2019 04:35:32 +0000

chromium (73.0.3683.56-1) experimental; urgency=medium

  * New upstream beta release.

 -- Michael Gilbert Sat, 02 Mar 2019 18:02:02 +0000

chromium (72.0.3626.122-1) unstable; urgency=medium

  * New upstream stable release.

 -- Michael Gilbert Thu, 07 Mar 2019 14:05:20 +0000

chromium (72.0.3626.121-1) unstable; urgency=medium

  * New upstream stable release.
    - CVE-2019-5786: Use-after-free in FileReader

 -- Michael Gilbert Sat, 02 Mar 2019 16:28:16 +0000

chromium (72.0.3626.109-1) unstable; urgency=medium

  * New upstream stable release.
    - CVE-2019-5784: Inappropriate implementation in V8. Reported by Lucas Pinheiro
  * Build pdfium using system lcms.
  * Reenable support for kerberos (closes: #916684).
  * Fix 32-bit type error in the vaapi implementation (closes: #921823).

 -- Michael Gilbert Mon, 04 Feb 2019 04:27:06 +0000

chromium (72.0.3626.81-1) unstable; urgency=medium

  * New upstream stable release.
    - Stack buffer overflow in Skia. Reported by Ivan Fratric
    - Use after free in Mojo, FileAPI, and Payments. Reported by Mark Brand
    - CVE-2018-17481: Use after free in PDFium. Reported by Anonymous
    - CVE-2019-5754: Inappropriate implementation in QUIC Networking. Reported by Klzgrad
    - CVE-2019-5755: Inappropriate implementation in V8. Reported by Jay Bosamiya
    - CVE-2019-5756: Use after free in PDFium. Reported by Anonymous
    - CVE-2019-5757: Type Confusion in SVG. Reported by Alexandru Pitis
    - CVE-2019-5758: Use after free in Blink. Reported by Zhe Jin
    - CVE-2019-5759: Use after free in HTML select elements. Reported by Almog Benin
    - CVE-2019-5760: Use after free in WebRTC. Reported by Zhe Jin
    - CVE-2019-5762: Use after free in PDFium. Reported by Anonymous
    - CVE-2019-5763: Insufficient validation of untrusted input in V8. Reported by Guang Gong
    - CVE-2019-5764: Use after free in WebRTC. Reported by Eyal Itkin
    - CVE-2019-5765: Insufficient policy enforcement in the browser.
      Reported by Sergey Toshin
    - CVE-2019-5766: Insufficient policy enforcement in Canvas. Reported by David Erceg
    - CVE-2019-5767: Incorrect security UI in WebAPKs. Reported by Haoran Lu, Yifan Zhang, Luyi Xing, and Xiaojing Liao
    - CVE-2019-5768: Insufficient policy enforcement in DevTools. Reported by Rob Wu
    - CVE-2019-5769: Insufficient validation of untrusted input in Blink. Reported by Guy Eshel
    - CVE-2019-5770: Heap buffer overflow in WebGL. Reported by hemidallt
    - CVE-2019-5772: Use after free in PDFium. Reported by Zhen Zhou
    - CVE-2019-5773: Insufficient data validation in IndexedDB. Reported by Yongke Wang
    - CVE-2019-5774: Insufficient validation of untrusted input in SafeBrowsing. Reported by Junghwan Kang and Juno Im
    - CVE-2019-5775: Insufficient policy enforcement in Omnibox. Reported by evi1m0
    - CVE-2019-5776: Insufficient policy enforcement in Omnibox. Reported by Lnyas Zhang
    - CVE-2019-5777: Insufficient policy enforcement in Omnibox. Reported by Khalil Zhani
    - CVE-2019-5778: Insufficient policy enforcement in Extensions. Reported by David Erceg
    - CVE-2019-5779: Insufficient policy enforcement in ServiceWorker. Reported by David Erceg
    - CVE-2019-5780: Insufficient policy enforcement. Reported by Andreas Hegenberg
    - CVE-2019-5781: Insufficient policy enforcement in Omnibox. Reported by evi1m0
    - CVE-2019-5782: Inappropriate implementation in V8. Reported by Qixun Zhao
    - CVE-2019-5783: Insufficient validation of untrusted input in DevTools. Reported by Shintaro Kobori
  * Opt out of all Google web service options by default (closes: #916320).
  * Enable support for hardware accelerated video decoding (closes: #856255).
    - Thanks to Akarshan Biswas.

 -- Michael Gilbert Sat, 02 Feb 2019 05:05:43 +0000

chromium (72.0.3626.53-1) unstable; urgency=medium

  * New upstream beta release.
  * Organize the gcc 6 patches.
  * Update standards version to 4.3.0.
  * Drop libsrtp from the build dependencies (closes: #918542).

 -- Michael Gilbert Sat, 12 Jan 2019 07:17:20 +0000

chromium (72.0.3626.7-6) unstable; urgency=medium

  * Upload to unstable: fix FTBFS on arm64 and armhf

 -- Riku Voipio Tue, 08 Jan 2019 14:41:13 +0200

chromium (72.0.3626.7-5) experimental; urgency=medium

  * Fix armhf and arm64 builds

 -- Riku Voipio Fri, 04 Jan 2019 16:17:43 +0200

chromium (72.0.3626.7-4) unstable; urgency=medium

  * Reenable support for widevine (closes: #916058).
  * Update maintainer to chromium@packages.debian.org (closes: #915988).

 -- Michael Gilbert Mon, 24 Dec 2018 19:41:02 +0000

chromium (72.0.3626.7-3) unstable; urgency=medium

  * Remove unintended extra brace in arm patch.

 -- Michael Gilbert Sun, 16 Dec 2018 22:37:19 +0000

chromium (72.0.3626.7-2) experimental; urgency=medium

  * Fix build failures on arm.

 -- Michael Gilbert Fri, 14 Dec 2018 02:50:58 +0000

chromium (72.0.3626.7-1) experimental; urgency=medium

  * New upstream developmental release.

 -- Michael Gilbert Tue, 11 Dec 2018 03:31:15 +0000

chromium (71.0.3578.80-1) unstable; urgency=medium

  * New upstream stable release.
    - CVE-2018-17480: Out of bounds write in V8. Reported by Guang Gong
    - CVE-2018-17481: Use after frees in PDFium. Reported by Anonymous
    - CVE-2018-18335: Heap buffer overflow in Skia. Reported by Anonymous
    - CVE-2018-18336: Use after free in PDFium. Reported by Huyna
    - CVE-2018-18337: Use after free in Blink. Reported by cloudfuzzer
    - CVE-2018-18338: Heap buffer overflow in Canvas. Reported by Zhe Jin
    - CVE-2018-18339: Use after free in WebAudio. Reported by cloudfuzzer
    - CVE-2018-18340: Use after free in MediaRecorder. Reported by Anonymous
    - CVE-2018-18341: Heap buffer overflow in Blink. Reported by cloudfuzzer
    - CVE-2018-18342: Out of bounds write in V8. Reported by Guang Gong
    - CVE-2018-18343: Use after free in Skia. Reported by Tran Tien Hung
    - CVE-2018-18344: Inappropriate implementation in Extensions. Reported by Jann Horn
    - CVE-2018-18345: Inappropriate implementation in Site Isolation.
      Reported by Masato Kinugawa and Jun Kokatsu
    - CVE-2018-18346: Incorrect security UI in Blink. Reported by Luan Herrera
    - CVE-2018-18347: Inappropriate implementation in Navigation. Reported by Luan Herrera
    - CVE-2018-18348: Inappropriate implementation in Omnibox. Reported by Ahmed Elsobky
    - CVE-2018-18349: Insufficient policy enforcement in Blink. Reported by David Erceg
    - CVE-2018-18350: Insufficient policy enforcement in Blink. Reported by Jun Kokatsu
    - CVE-2018-18351: Insufficient policy enforcement in Navigation. Reported by Jun Kokatsu
    - CVE-2018-18352: Inappropriate implementation in Media. Reported by Jun Kokatsu
    - CVE-2018-18353: Inappropriate implementation in Network Authentication. Reported by Wenxu Wu
    - CVE-2018-18354: Insufficient data validation in Shell Integration. Reported by Wenxu Wu
    - CVE-2018-18355: Insufficient policy enforcement in URL Formatter. Reported by evi1m0
    - CVE-2018-18356: Use after free in Skia. Reported by Tran Tien Hung
    - CVE-2018-18357: Insufficient policy enforcement in URL Formatter. Reported by evi1m0
    - CVE-2018-18358: Insufficient policy enforcement in Proxy. Reported by Jann Horn
    - CVE-2018-18359: Out of bounds read in V8. Reported by cyrilliu
    - Inappropriate implementation in PDFium. Reported by Salem Faisal Elmrayed
    - Use after free in Extensions. Reported by Zhe Jin
    - Inappropriate implementation in Navigation. Reported by Luan Herrera
    - Inappropriate implementation in Navigation. Reported by Jesper van den Ende
    - Insufficient policy enforcement in Navigation. Reported by Ryan Pickren
    - Insufficient policy enforcement in URL Formatter. Reported by evi1m0

 -- Michael Gilbert Wed, 05 Dec 2018 00:45:35 +0000

chromium (71.0.3578.62-1) unstable; urgency=medium

  * New upstream beta release.
  * Rename the source package to chromium.
  * Build using the system jsoncpp library.
  * Remove non-free unrar source from the upstream tarball (closes: #914487).
    - Requires safe browsing inspection of rar files to be disabled.

 -- Michael Gilbert Wed, 21 Nov 2018 02:37:35 +0000

chromium-browser (70.0.3538.110-1) unstable; urgency=medium

  * New upstream security release.
    - CVE-2018-17479: Use-after-free in GPU.

 -- Michael Gilbert Tue, 20 Nov 2018 00:45:46 +0000

chromium-browser (70.0.3538.102-1) unstable; urgency=medium

  * New upstream security release.
    - CVE-2018-17478: Out of bounds memory access in V8. Reported by cloudfuzzer
  * Fix new lintian warnings.
  * Drop libjs-excanvas build dependency.
  * Add support for building with harfbuzz 2.1.1.
  * Document how to run chromium as root (closes: #838534).
  * Output debian specific instructions when no working sandbox is available.
  * Do not rely on transitive recommendation for the sandbox (closes: #913116).

 -- Michael Gilbert Fri, 16 Nov 2018 03:12:53 +0000

chromium-browser (70.0.3538.67-3) unstable; urgency=medium

  * Fix a compiler warning.
  * Move the setuid sandbox into a separate package (closes: #839277).

 -- Michael Gilbert Sat, 03 Nov 2018 17:30:16 +0000

chromium-browser (70.0.3538.67-2) unstable; urgency=medium

  * Restore support for building with gtk2.

 -- Michael Gilbert Tue, 23 Oct 2018 01:11:35 +0000

chromium-browser (70.0.3538.67-1) unstable; urgency=medium

  * New upstream stable release.
    - CVE-2018-17462: Sandbox escape in AppCache. Reported by Ned Williamson and Niklas Baumstark
    - CVE-2018-17463: Remote code execution in V8. Reported by Ned Williamson and Niklas Baumstark
    - Heap buffer overflow in Little CMS in PDFium. Reported by Quang Nguyễn
    - CVE-2018-17464: URL spoof in Omnibox. Reported by xisigr
    - CVE-2018-17465: Use after free in V8. Reported by Lin Zuojian
    - CVE-2018-17466: Memory corruption in Angle. Reported by Omair
    - CVE-2018-17467: URL spoof in Omnibox. Reported by Khalil Zhani
    - CVE-2018-17468: Cross-origin URL disclosure in Blink. Reported by James Lee
    - CVE-2018-17469: Heap buffer overflow in PDFium. Reported by Zhen Zhou
    - CVE-2018-17470: Memory corruption in GPU Internals.
      Reported by Zhe Jin
    - CVE-2018-17471: Security UI occlusion in full screen mode. Reported by Lnyas Zhang
    - CVE-2018-17473: URL spoof in Omnibox. Reported by Khalil Zhani
    - CVE-2018-17474: Use after free in Blink. Reported by Zhe Jin
    - CVE-2018-17475: URL spoof in Omnibox. Reported by Vladimir Metnew
    - CVE-2018-17476: Security UI occlusion in full screen mode. Reported by Khalil Zhani
    - CVE-2018-5179: Lack of limits on update() in ServiceWorker. Reported by Yannic Bonenberger
    - CVE-2018-17477: UI spoof in Extensions. Reported by Aaron Muir Hamilton
  * Fix build failure on i386.
  * Fix installation path of the master preferences file (closes: #911056).

 -- Michael Gilbert Tue, 16 Oct 2018 12:36:22 +0000

chromium-browser (70.0.3538.54-2) unstable; urgency=medium

  * Build with gcc 8 (closes: #901368).
  * Move the master preferences file to /etc/chromium (closes: #891232).

 -- Michael Gilbert Sun, 14 Oct 2018 00:49:46 +0000

chromium-browser (70.0.3538.54-1) unstable; urgency=medium

  * New upstream beta release.

 -- Michael Gilbert Sat, 13 Oct 2018 04:18:08 +0000

chromium-browser (69.0.3497.100-1) unstable; urgency=medium

  * New upstream stable release.
  * Update standards version to 4.2.1.
  * Clarify debugging section in README.debian (closes: #910842).
  * Remove ConvertUTF from the upstream tarball (closes: #900596).
  * Load all extensions installed to /usr/share/chromium/extensions.
    - Thanks to Michael Meskes (closes: #890392).
  * Remove audio_capture_enable setting from the default preferences (closes: #884887).

 -- Michael Gilbert Sat, 13 Oct 2018 02:35:46 +0000

chromium-browser (69.0.3497.92-1) unstable; urgency=medium

  * New upstream security release.
    - Function signature mismatch in WebAssembly. Reported by Kevin Cheung
    - URL Spoofing in Omnibox. Reported by evi1m0

 -- Michael Gilbert Thu, 13 Sep 2018 03:12:53 +0000

chromium-browser (69.0.3497.81-3) unstable; urgency=medium

  * Move another file needed for the armhf build to where it is expected.

 -- Michael Gilbert Fri, 07 Sep 2018 00:06:13 +0000

chromium-browser (69.0.3497.81-2) unstable; urgency=medium

  * Disable swiftshader.
  * Move file needed for the armhf build to where it is expected.
  * Document disabled built-in extensions in README.debian (closes: #886358).

 -- Michael Gilbert Thu, 06 Sep 2018 01:45:12 +0000

chromium-browser (69.0.3497.81-1) unstable; urgency=medium

  * New upstream stable release.
    - CVE-2018-16065: Out of bounds write in V8. Reported by Brendon Tiszka
    - CVE-2018-16066: Out of bounds read in Blink. Reported by cloudfuzzer
    - CVE-2018-16067: Out of bounds read in WebAudio. Reported by Zhe Jin
    - CVE-2018-16068: Out of bounds write in Mojo. Reported by Mark Brand
    - CVE-2018-16069: Out of bounds read in SwiftShader. Reported by Mark Brand
    - CVE-2018-16070: Integer overflow in Skia. Reported by Ivan Fratric
    - CVE-2018-16071: Use after free in WebRTC. Reported by Natalie Silvanovich
    - CVE-2018-16073: Site Isolation bypass after tab restore. Reported by Jun Kokatsu
    - CVE-2018-16074: Site Isolation bypass using Blob URLS. Reported by Jun Kokatsu
    - CVE-2018-16075: Local file access in Blink. Reported by Pepe Vila
    - CVE-2018-16076: Out of bounds read in PDFium. Reported by Aleksandar Nikolic
    - CVE-2018-16077: Content security policy bypass in Blink. Reported by Manuel Caballero
    - CVE-2018-16078: Credit card information leak in Autofill. Reported by Cailan Sacks
    - CVE-2018-16079: URL spoof in permission dialogs. Reported by Markus Vervier and Michele Orrù
    - CVE-2018-16080: URL spoof in full screen mode. Reported by Khalil Zhani
    - CVE-2018-16081: Local file access in DevTools. Reported by Jann Horn
    - CVE-2018-16082: Stack buffer overflow in SwiftShader. Reported by Omair
    - CVE-2018-16083: Out of bounds read in WebRTC. Reported by Natalie Silvanovich
    - CVE-2018-16084: User confirmation bypass in external protocol handling. Reported by Jun Kokatsu
    - CVE-2018-16085: Use after free in Memory Instrumentation.
      Reported by Roman Kuksin

 -- Michael Gilbert Wed, 05 Sep 2018 00:01:50 +0000

chromium-browser (69.0.3497.12-1) experimental; urgency=medium

  * New upstream development release.
    - Fixes an error that can occur on pages containing xml (closes: #865592).
  * Install swiftshader libraries to /usr/lib/chromium (closes: #901831).

 -- Michael Gilbert Sun, 29 Jul 2018 09:30:34 +0000

chromium-browser (68.0.3440.75-2) unstable; urgency=medium

  * Restore a mistakenly omitted call to InitializeFFmpeg (closes: #902909).

 -- Michael Gilbert Thu, 26 Jul 2018 00:37:11 +0000

chromium-browser (68.0.3440.75-1) unstable; urgency=medium

  * New upstream stable release.
    - CVE-2018-4117: Cross origin information leak in Blink. Reported by AhsanEjaz
    - CVE-2018-6044: Request privilege escalation in Extensions. Reported by Rob Wu
    - CVE-2018-6150: Cross origin information disclosure in Service Workers. Reported by Rob Wu
    - CVE-2018-6151: Bad cast in DevTools. Reported by Rob Wu
    - CVE-2018-6152: Local file write in DevTools. Reported by Rob Wu
    - CVE-2018-6153: Stack buffer overflow in Skia. Reported by Zhen Zhou
    - CVE-2018-6154: Heap buffer overflow in WebGL. Reported by Omair
    - CVE-2018-6155: Use after free in WebRTC. Reported by Natalie Silvanovich
    - CVE-2018-6156: Heap buffer overflow in WebRTC. Reported by Natalie Silvanovich
    - CVE-2018-6157: Type confusion in WebRTC. Reported by Natalie Silvanovich
    - CVE-2018-6158: Use after free in Blink. Reported by Zhe Jin
    - CVE-2018-6159: Same origin policy bypass in ServiceWorker. Reported by Jun Kokatsu
    - CVE-2018-6161: Same origin policy bypass in WebAudio. Reported by Jun Kokatsu
    - CVE-2018-6162: Heap buffer overflow in WebGL. Reported by Omair
    - CVE-2018-6163: URL spoof in Omnibox. Reported by Khalil Zhani
    - CVE-2018-6164: Same origin policy bypass in ServiceWorker. Reported by Jun Kokatsu
    - CVE-2018-6165: URL spoof in Omnibox. Reported by evi1m0
    - CVE-2018-6166: URL spoof in Omnibox. Reported by Lnyas Zhang
    - CVE-2018-6167: URL spoof in Omnibox.
      Reported by Lnyas Zhang
    - CVE-2018-6168: CORS bypass in Blink. Reported by Gunes Acar and Danny Y. Huang
    - CVE-2018-6169: Permissions bypass in extension installation. Reported by Sam P
    - CVE-2018-6170: Type confusion in PDFium. Reported by Anonymous
    - CVE-2018-6171: Use after free in WebBluetooth.
    - CVE-2018-6172: URL spoof in Omnibox. Reported by Khalil Zhani
    - CVE-2018-6173: URL spoof in Omnibox. Reported by Khalil Zhani
    - CVE-2018-6174: Integer overflow in SwiftShader. Reported by Mark Brand
    - CVE-2018-6175: URL spoof in Omnibox. Reported by Khalil Zhani
    - CVE-2018-6176: Local user privilege escalation in Extensions. Reported by Jann Horn
    - CVE-2018-6177: Cross origin information leak in Blink. Reported by Ron Masas
    - CVE-2018-6178: UI spoof in Extensions. Reported by Khalil Zhani
    - CVE-2018-6179: Local file information leak in Extensions.

 -- Michael Gilbert Wed, 25 Jul 2018 00:28:20 +0000

chromium-browser (68.0.3440.42-1) experimental; urgency=medium

  * New upstream beta release.

 -- Michael Gilbert Sat, 30 Jun 2018 17:46:03 +0000

chromium-browser (68.0.3440.33-1) experimental; urgency=medium

  * New upstream beta release.
  * Build using upstream's "lite" tarball.
  * Restore decoder initialization from chromium 66 to maintain compatibility with ffmpeg 3.4 (closes: #900533).

 -- Michael Gilbert Fri, 29 Jun 2018 20:48:51 +0000

chromium-browser (68.0.3440.25-1) experimental; urgency=medium

  * New upstream beta release.

 -- Michael Gilbert Sun, 24 Jun 2018 16:32:18 +0000

chromium-browser (68.0.3440.17-1) experimental; urgency=medium

  * New upstream beta release.
  * Recommend upower and notification-daemon.

 -- Michael Gilbert Mon, 11 Jun 2018 04:40:58 +0000

chromium-browser (68.0.3440.7-1) experimental; urgency=medium

  * New upstream development release.

 -- Michael Gilbert Sun, 10 Jun 2018 23:44:14 +0000

chromium-browser (67.0.3396.87-1) unstable; urgency=medium

  * New upstream security release.
    - CVE-2018-6149: Out of bounds write in V8.
Reported by Yu Zhou and Jundong Xie -- Michael Gilbert Tue, 19 Jun 2018 12:13:46 +0000 chromium-browser (67.0.3396.79-2) unstable; urgency=medium * Use embedded ffmpeg code copy (closes: #900533). -- Michael Gilbert Mon, 11 Jun 2018 00:33:39 +0000 chromium-browser (67.0.3396.79-1) unstable; urgency=medium * New upstream security release. - CVE-2018-6148: Incorrect handling of CSP header. Reported by Michał Bentkowski -- Michael Gilbert Sun, 10 Jun 2018 21:48:45 +0000 chromium-browser (67.0.3396.62-2) unstable; urgency=medium * Fix build on arm64/armhf -- Riku Voipio Fri, 08 Jun 2018 15:37:05 +0300 chromium-browser (67.0.3396.62-1) unstable; urgency=medium * New upstream stable release. - CVE-2018-6123: Use after free in Blink. Reported by Looben Yang - CVE-2018-6124: Type confusion in Blink. Reported by Guang Gong - CVE-2018-6125: Overly permissive policy in WebUSB. Reported by Yubico - CVE-2018-6126: Heap buffer overflow in Skia. Reported by Ivan Fratric - CVE-2018-6127: Use after free in indexedDB. Reported by Looben Yang - CVE-2018-6129: Out of bounds memory access in WebRTC. Reported by Natalie Silvanovich - CVE-2018-6130: Out of bounds memory access in WebRTC. Reported by Natalie Silvanovich - CVE-2018-6131: Incorrect mutability protection in WebAssembly. Reported by Natalie Silvanovich - CVE-2018-6132: Use of uninitialized memory in WebRTC. Reported by Ronald E. Crane - CVE-2018-6133: URL spoof in Omnibox. Reported by Khalil Zhani - CVE-2018-6134: Referrer Policy bypass in Blink. Reported by Jun Kokatsu - CVE-2018-6135: UI spoofing in Blink. Reported by Jasper Rebane - CVE-2018-6136: Out of bounds memory access in V8. Reported by Peter Wong - CVE-2018-6137: Leak of visited status of page in Blink. Reported by Michael Smith - CVE-2018-6138: Overly permissive policy in Extensions. Reported by François Lajeunesse-Robert - CVE-2018-6139: Restrictions bypass in the debugger extension API. 
Reported by Rob Wu - CVE-2018-6140: Restrictions bypass in the debugger extension API. Reported by Rob Wu - CVE-2018-6141: Heap buffer overflow in Skia. Reported by Yangkang - CVE-2018-6142: Out of bounds memory access in V8. Reported by Choongwoo Han - CVE-2018-6143: Out of bounds memory access in V8. Reported by Guang Gong - CVE-2018-6144: Out of bounds memory access in PDFium. Reported by pdknsk - CVE-2018-6145: Incorrect escaping of MathML in Blink. Reported by Masato Kinugawa - CVE-2018-6147: Password fields not taking advantage of OS protections in Views. Reported by Michail Pishchagin -- Michael Gilbert Wed, 30 May 2018 13:03:02 +0000 chromium-browser (67.0.3396.57-1) experimental; urgency=medium * New upstream beta release. * Ignore more compiler warnings. -- Michael Gilbert Tue, 29 May 2018 13:06:17 +0000 chromium-browser (67.0.3396.56-1) experimental; urgency=medium * New upstream beta release. -- Michael Gilbert Sun, 27 May 2018 04:27:00 +0000 chromium-browser (67.0.3396.48-1) experimental; urgency=medium * New upstream beta release. * Indicate that binary rules do not require root. * Change maintainer address to chromium-browser@packages.debian.org. * Drop widevine adapter package, no longer supported upstream (chromium should automatically detect and use libwidevinecdm.so without the extra adapter library now). -- Michael Gilbert Sat, 19 May 2018 03:30:20 +0000 chromium-browser (66.0.3359.181-1) unstable; urgency=medium * New upstream security release. - CVE-2018-6120: Heap buffer overflow in PDFium. Reported by Zhou Aiting - CVE-2018-6121: Privilege Escalation in extensions. - CVE-2018-6122: Type confusion in V8. -- Michael Gilbert Fri, 18 May 2018 21:08:59 +0000 chromium-browser (66.0.3359.139-1) unstable; urgency=medium * New upstream security release. - CVE-2018-6118: Use after free in Media Cache. Reported by Ned Williamson * Enable jumbo build. * Recommend libgl1-mesa-dri. 
-- Michael Gilbert Sat, 28 Apr 2018 02:44:15 +0000 chromium-browser (66.0.3359.117-1) unstable; urgency=medium * New upstream stable release. - CVE-2018-6085: Use after free in Disk Cache. Reported by Ned Williamson - CVE-2018-6086: Use after free in Disk Cache. Reported by Ned Williamson - CVE-2018-6087: Use after free in WebAssembly. Reported by Anonymous - CVE-2018-6088: Use after free in PDFium. Reported by Anonymous - CVE-2018-6089: Same origin policy bypass in Service Worker. Reported by Rob Wu - CVE-2018-6090: Heap buffer overflow in Skia. Reported by ZhanJia Song - CVE-2018-6091: Incorrect handling of plug-ins by Service Worker. Reported by Jun Kokatsu - CVE-2018-6092: Integer overflow in WebAssembly. Reported by Natalie Silvanovich - CVE-2018-6093: Same origin bypass in Service Worker. Reported by Jun Kokatsu - CVE-2018-6094: Exploit hardening regression in Oilpan. Reported by Chris Rohlf - CVE-2018-6095: Lack of meaningful user interaction requirement before file upload. Reported by Abdulrahman Alqabandi - CVE-2018-6096: Fullscreen UI spoof. Reported by WenXu Wu - CVE-2018-6097: Fullscreen UI spoof. Reported by xisigr - CVE-2018-6098: URL spoof in Omnibox. Reported by Khalil Zhani - CVE-2018-6099: CORS bypass in ServiceWorker. Reported by Jun Kokatsu - CVE-2018-6100: URL spoof in Omnibox. Reported by Lnyas Zhang - CVE-2018-6101: Insufficient protection of remote debugging protocol in DevTools. Reported by Rob Wu - CVE-2018-6102: URL spoof in Omnibox. Reported by Khalil Zhani - CVE-2018-6103: UI spoof in Permissions. Reported by Khalil Zhani - CVE-2018-6104: URL spoof in Omnibox. Reported by Khalil Zhani - CVE-2018-6105: URL spoof in Omnibox. Reported by Khalil Zhani - CVE-2018-6106: Incorrect handling of promises in V8. Reported by lokihardt - CVE-2018-6107: URL spoof in Omnibox. Reported by Khalil Zhani - CVE-2018-6108: URL spoof in Omnibox. Reported by Khalil Zhani - CVE-2018-6109: Incorrect handling of files by FileAPI. 
Reported by Dominik Weber - CVE-2018-6110: Incorrect handling of plaintext files via file:// . Reported by Wenxiang Qian - CVE-2018-6111: Heap-use-after-free in DevTools. Reported by Khalil Zhani - CVE-2018-6112: Incorrect URL handling in DevTools. Reported by Rob Wu - CVE-2018-6113: URL spoof in Navigation. Reported by Khalil Zhani - CVE-2018-6114: CSP bypass. Reported by Lnyas Zhang - CVE-2018-6115: SmartScreen bypass in downloads. Reported by James Feher - CVE-2018-6116: Incorrect low memory handling in WebAssembly. Reported by Chengdu Security Response Center - CVE-2018-6117: Confusing autofill settings. Reported by Spencer Dailey - Fixes proxy time out error (closes: #892994). - Removes not implemented messages (closes: #893799). * Remove third_party/chromite from the upstream tarball (closes: #895076). -- Michael Gilbert Thu, 26 Apr 2018 01:27:39 +0000 chromium-browser (66.0.3359.26-2) unstable; urgency=medium [ Michael Gilbert ] * Build using gcc6. * Move version control to salsa.debian.org. * Change maintainer address to chromium-browser@tracker.debian.org. [ Riku Voipio ] * [arm64/armhf] Fix neon autodetection with patch from upstream * [armhf] drop debug symbols -- Michael Gilbert Sun, 08 Apr 2018 03:11:08 +0000 chromium-browser (66.0.3359.26-1) experimental; urgency=medium * New upstream release. * Use threaded compression while repacking the upstream tarball. -- Michael Gilbert Mon, 26 Mar 2018 00:53:25 +0000 chromium-browser (66.0.3359.22-3) experimental; urgency=medium * Build pdfium using the system openjpeg library. -- Michael Gilbert Sat, 24 Mar 2018 22:53:20 +0000 chromium-browser (66.0.3359.22-2) experimental; urgency=medium * Fix typo in vpx patch. -- Michael Gilbert Sat, 24 Mar 2018 21:39:20 +0000 chromium-browser (66.0.3359.22-1) experimental; urgency=medium * New upstream release. - Fixes swiftshader library loading error (closes: #864606). 
-- Michael Gilbert Mon, 19 Mar 2018 01:04:11 +0000 chromium-browser (65.0.3325.146-4) unstable; urgency=medium * Fix another incomplete type build error (closes: #892891). -- Michael Gilbert Thu, 15 Mar 2018 01:22:51 +0000 chromium-browser (65.0.3325.146-3) unstable; urgency=medium * Fix incomplete type build error. -- Michael Gilbert Sun, 11 Mar 2018 00:33:12 +0000 chromium-browser (65.0.3325.146-2) unstable; urgency=medium * Fix a few gcc build warnings. * Apply upstream's fix for a bug in gcc7's handling of non-copyable types (closes: #890954). -- Michael Gilbert Sat, 10 Mar 2018 00:36:33 +0000 chromium-browser (65.0.3325.146-1) unstable; urgency=medium * New upstream stable release. - CVE-2018-6056: Incorrect derived class instantiation in V8. Reported by lokihardt - CVE-2018-6060: Use after free in Blink. Reported by Omair - CVE-2018-6061: Race condition in V8. Reported by Guang Gong - CVE-2018-6062: Heap buffer overflow in Skia. Reported by Anonymous - CVE-2018-6057: Incorrect permissions on shared memory. Reported by Gal Beniamini - CVE-2018-6063: Incorrect permissions on shared memory. Reported by Gal Beniamini - CVE-2018-6064: Type confusion in V8. Reported by lokihardt - CVE-2018-6065: Integer overflow in V8. Reported by Mark Brand - CVE-2018-6066: Same Origin Bypass via canvas. Reported by Masato Kinugawa - CVE-2018-6067: Buffer overflow in Skia. Reported by Ned Williamson - CVE-2018-6068: Object lifecycle issues in Chrome Custom Tab. Reported by Luan Herrera - CVE-2018-6069: Stack buffer overflow in Skia. Reported by Wanglu & Yangkang - CVE-2018-6070: CSP bypass through extensions. Reported by Rob Wu - CVE-2018-6071: Heap buffer overflow in Skia. Reported by Anonymous - CVE-2018-6072: Integer overflow in PDFium. Reported by Atte Kettunen - CVE-2018-6073: Heap buffer overflow in WebGL. Reported by Omair - CVE-2018-6074: Mark-of-the-Web bypass. Reported by Abdulrahman Alqabandi - CVE-2018-6075: Overly permissive cross origin downloads. 
Reported by Inti De Ceukelaire - CVE-2018-6076: Incorrect handling of URL fragment identifiers in Blink. Reported by Mateusz Krzeszowiec - CVE-2018-6077: Timing attack using SVG filters. Reported by Khalil Zhani - CVE-2018-6078: URL Spoof in OmniBox. Reported by Khalil Zhani - CVE-2018-6079: Information disclosure via texture data in WebGL. Reported by Ivars Atteka - CVE-2018-6080: Information disclosure in IPC call. Reported by Gal Beniamini - CVE-2018-6081: XSS in interstitials. Reported by Rob Wu - CVE-2018-6082: Circumvention of port blocking. Reported by WenXu Wu - CVE-2018-6083: Incorrect processing of AppManifests. Reported by Jun Kokatsu * Enable support for vp9 (closes: #891831). -- Michael Gilbert Mon, 05 Mar 2018 01:26:31 +0000 chromium-browser (65.0.3325.85-1) experimental; urgency=medium * New upstream beta release. * Remove third_party/ffmpeg from the upstream tarball. -- Michael Gilbert Sat, 24 Feb 2018 08:17:44 +0000 chromium-browser (65.0.3325.74-1) experimental; urgency=medium [ Michael Gilbert ] * New upstream release. * Update to debhelper 11. * Update standards version. * Remove third_party/llvm from the upstream tarball. * Drop -fno-delete-null-pointer from debian/rules, applied upstream now. [ Riku Voipio ] * Fix skia build on arm64, (closes: #891062) * Set some armhf specific gn args to help linking -- Michael Gilbert Sat, 24 Feb 2018 02:36:40 +0000 chromium-browser (65.0.3325.73-1) experimental; urgency=medium * New upstream beta release. * Recommend libu2f-udev (closes: #890239). * Add support for ffmpeg 4.0 (closes: #888387). * Remove icc_profiles from the upstream tarball. -- Michael Gilbert Sun, 18 Feb 2018 02:22:56 +0000 chromium-browser (64.0.3282.119-2) unstable; urgency=medium * Drop chromecast patch (closes: #884173). -- Michael Gilbert Sun, 11 Feb 2018 03:00:09 +0000 chromium-browser (64.0.3282.119-1) unstable; urgency=medium * New upstream stable release. - CVE-2017-15420: URL spoofing in Omnibox. 
Reported by Drew Springall - CVE-2017-15429: UXSS in V8. Reported by Anonymous - CVE-2018-6031: Use after free in PDFium. Reported by Anonymous - CVE-2018-6032: Same origin bypass in Shared Worker. Reported by Jun Kokatsu - CVE-2018-6033: Race when opening downloaded files. Reported by Juho Nurminen - CVE-2018-6034: Integer overflow in Blink. Reported by Tobias Klein - CVE-2018-6035: Insufficient isolation of devtools from extensions. Reported by Rob Wu - CVE-2018-6036: Integer underflow in WebAssembly. Reported by The UK's National Cyber Security Centre - CVE-2018-6037: Insufficient user gesture requirements in autofill. Reported by Paul Stone - CVE-2018-6038: Heap buffer overflow in WebGL. Reported by cloudfuzzer - CVE-2018-6039: XSS in DevTools. Reported by Juho Nurminen - CVE-2018-6040: Content security policy bypass. Reported by WenXu Wu - CVE-2018-6041: URL spoof in Navigation. Reported by Luan Herrera - CVE-2018-6042: URL spoof in OmniBox. Reported by Khalil Zhani - CVE-2018-6043: Insufficient escaping with external URL handlers. Reported by 0x09AL - CVE-2018-6045: Insufficient isolation of devtools from extensions. Reported by Rob Wu - CVE-2018-6046: Insufficient isolation of devtools from extensions. Reported by Rob Wu - CVE-2018-6047: Cross origin URL leak in WebGL. Reported by Masato Kinugawa - CVE-2018-6048: Referrer policy bypass in Blink. Reported by Jun Kokatsu - CVE-2018-6049: UI spoof in Permissions. Reported by WenXu Wu - CVE-2018-6050: URL spoof in OmniBox. Reported by Jonathan Kew - CVE-2018-6051: Referrer leak in XSS Auditor. Reported by Antonio Sanso - CVE-2018-6052: Incomplete no-referrer policy implementation. Reported by Tanner Emek - CVE-2018-6053: Leak of page thumbnails in New Tab Page. Reported by Asset Kabdenov - CVE-2018-6054: Use after free in WebUI. Reported by Rob Wu -- Michael Gilbert Sun, 28 Jan 2018 01:00:12 +0000 chromium-browser (63.0.3239.84-1) unstable; urgency=medium * New upstream stable release. 
- CVE-2017-15407: Out of bounds write in QUIC. Reported by Ned Williamson - CVE-2017-15408: Heap buffer overflow in PDFium. Reported by Ke Liu - CVE-2017-15409: Out of bounds write in Skia. Reported by Anonymous - CVE-2017-15410: Use after free in PDFium. Reported by Luật Nguyễn - CVE-2017-15411: Use after free in PDFium. Reported by Luật Nguyễn - CVE-2017-15413: Type confusion in WebAssembly. Reported by Gaurav Dewan - CVE-2017-15415: Pointer information disclosure in IPC call. Reported by Viktor Brange - CVE-2017-15416: Out of bounds read in Blink. Reported by Ned Williamson - CVE-2017-15417: Cross origin information disclosure in Skia. Reported by Max May - CVE-2017-15418: Use of uninitialized value in Skia. Reported by Kushal Arvind Shah - CVE-2017-15419: Cross origin leak of redirect URL in Blink. Reported by Jun Kokatsu - CVE-2017-15420: URL spoofing in Omnibox. Reported by WenXu Wu - CVE-2017-15423: Issue with SPAKE implementation in BoringSSL. Reported by Greg Hudson - CVE-2017-15424: URL Spoof in Omnibox. Reported by Khalil Zhani - CVE-2017-15425: URL Spoof in Omnibox. Reported by xisigr - CVE-2017-15426: URL Spoof in Omnibox. Reported by WenXu Wu - CVE-2017-15427: Insufficient blocking of JavaScript in Omnibox. Reported by Junaid Farhan * Update standards version to 4.1.2. * Stricter default master preferences. * Avoid showing the welcome page (closes: #857767). * Switch from gtk2 to gtk3 again (closes: #883364). -- Michael Gilbert Sun, 03 Dec 2017 16:05:00 +0000 chromium-browser (63.0.3239.40-1) experimental; urgency=medium * New upstream beta release. * Disable chromium signin feature. * Fix error in icon installation script. * Update to the latest standards version. * Indicate that the package can be built without root. -- Michael Gilbert Sun, 12 Nov 2017 05:36:26 +0000 chromium-browser (63.0.3239.30-1) experimental; urgency=medium * New upstream beta release. * Install 16 and 32 pixel png icon files (closes: #857071). 
* Improve description for --temp-profile (closes: #881040). * Document Debian bug reports in the manpage (closes: #880965). * Stricter breaks/replaces to support security uploads (closes: #877970). -- Michael Gilbert Wed, 08 Nov 2017 01:54:47 +0000 chromium-browser (62.0.3202.89-1) unstable; urgency=medium * New upstream security release. - CVE-2017-15398: Stack buffer overflow in QUIC. Reported by Ned Williamson - CVE-2017-15399: Use after free in V8. Reported by Zhao Qixun * Revert new dependency on gconf. * Link against system lcms2 library (closes: #879153). * Disable device notifications by default (closes: #856571). * Remove icon extension from the desktop file (closes: #860256). -- Michael Gilbert Tue, 07 Nov 2017 02:22:17 +0000 chromium-browser (62.0.3202.75-1) unstable; urgency=medium * New upstream stable release (closes: #879451). - CVE-2017-5124: UXSS with MHTML. Reported by Anonymous - CVE-2017-5125: Heap overflow in Skia. Reported by Anonymous - CVE-2017-5126: Use after free in PDFium. Reported by Luat Nguyen - CVE-2017-5127: Use after free in PDFium. Reported by Luat Nguyen - CVE-2017-5128: Heap overflow in WebGL. Reported by Omair - CVE-2017-5129: Use after free in WebAudio. Reported by Omair - CVE-2017-5131: Out of bounds write in Skia. Reported by Anonymous - CVE-2017-5132: Incorrect stack manipulation in WebAssembly. Reported by Gaurav Dewan - CVE-2017-5133: Out of bounds write in Skia. Reported by Aleksandar Nikolic - CVE-2017-15386: UI spoofing in Blink. Reported by WenXu Wu - CVE-2017-15387: Content security bypass. Reported by Jun Kokatsu - CVE-2017-15388: Out of bounds read in Skia. Reported by Kushal Arvind Shah - CVE-2017-15389: URL spoofing in OmniBox. Reported by xisigr - CVE-2017-15390: URL spoofing in OmniBox. Reported by Haosheng Wang - CVE-2017-15391: Extension limitation bypass in Extensions. Reported by João Lucas Melo Brasio - CVE-2017-15392: Incorrect registry key handling in PlatformIntegration. 
Reported by Xiaoyin Liu - CVE-2017-15393: Referrer leak in Devtools. Reported by Svyat Mitin - CVE-2017-15394: URL spoofing in extensions UI. Reported by Sam - CVE-2017-15395: Null pointer dereference in ImageCapture. Reported by Johannes Bergman - CVE-2017-15396: Stack overflow in V8. Reported by Yuan Deng * Enable chromecast feature switch (closes: #878244). -- Michael Gilbert Sat, 04 Nov 2017 19:01:28 +0000 chromium-browser (61.0.3163.100-2) unstable; urgency=medium * Add liblcms2-dev as a build dependency (closes: #876804). -- Michael Gilbert Tue, 26 Sep 2017 12:54:35 +0000 chromium-browser (61.0.3163.100-1) unstable; urgency=medium * New upstream stable release (closes: #876030). - CVE-2017-5111: Use after free in PDFium. Reported by Luật Nguyễn - CVE-2017-5112: Heap buffer overflow in WebGL. Reported by Tobias Klein - CVE-2017-5113: Heap buffer overflow in Skia. Reported by Anonymous - CVE-2017-5114: Memory lifecycle issue in PDFium. Reported by Ke Liu - CVE-2017-5115: Type confusion in V8. Reported by Marco Giovannini - CVE-2017-5116: Type confusion in V8. Reported by Anonymous - CVE-2017-5117: Use of uninitialized value in Skia. Reported by Tobias Klein - CVE-2017-5118: Bypass of Content Security Policy in Blink. Reported by WenXu Wu - CVE-2017-5119: Use of uninitialized value in Skia. Reported by Anonymous - CVE-2017-5120: Potential HTTPS downgrade during redirect navigation. Reported by Xiaoyin Liu - CVE-2017-5121: Out-of-bounds access in V8. Reported by Jordan Rabet - CVE-2017-5122: Out-of-bounds access in V8. Reported by Choongwoo Han - Adds support for gcc7 (closes: #853347). * Update standards version. * Use system libstdc++ instead of chromium's bundled custom libc++. * Improve error message when network is unreachable (closes: #864539). * Fix a mistake that led to unstripped binary files (closes: #870531). 
-- Michael Gilbert Sun, 24 Sep 2017 20:26:02 +0000 chromium-browser (60.0.3112.78-1) unstable; urgency=medium * New upstream stable release: - CVE-2017-5091: Use after free in IndexedDB. Reported by Ned Williamson - CVE-2017-5092: Use after free in PPAPI. Reported by Yu Zhou, Yuan Deng - CVE-2017-5093: UI spoofing in Blink. Reported by Luan Herrera - CVE-2017-5094: Type confusion in extensions. Reported by Anonymous - CVE-2017-5095: Out-of-bounds write in PDFium. Reported by Anonymous - CVE-2017-5096: User information leak via Android intents. Reported by Takeshi Terada - CVE-2017-5097: Out-of-bounds read in Skia. Reported by Anonymous - CVE-2017-5098: Use after free in V8. Reported by Jihoon Kim - CVE-2017-5099: Out-of-bounds write in PPAPI. Reported by Yuan Deng, Yu Zhou - CVE-2017-5100: Use after free in Chrome Apps. Reported by Anonymous - CVE-2017-5101: URL spoofing in OmniBox. Reported by Luan Herrera - CVE-2017-5102: Uninitialized use in Skia. Reported by Anonymous - CVE-2017-5103: Uninitialized use in Skia. Reported by Anonymous - CVE-2017-5104: UI spoofing in browser. Reported by Khalil Zhani - CVE-2017-7000: Pointer disclosure in SQLite. Reported by Chaitin Security Research Lab - CVE-2017-5105: URL spoofing in OmniBox. Reported by Rayyan Bijoora - CVE-2017-5106: URL spoofing in OmniBox. Reported by Jack Zac - CVE-2017-5107: User information leak via SVG. Reported by David Kohlbrenner - CVE-2017-5108: Type confusion in PDFium. Reported by Guang Gong - CVE-2017-5109: UI spoofing in browser. Reported by José María Acuña Morgado - CVE-2017-5110: UI spoofing in payments dialog. Reported by xisigr -- Michael Gilbert Thu, 27 Jul 2017 03:22:03 +0000 chromium-browser (60.0.3112.72-1) unstable; urgency=medium * New upstream beta release. - Adds support for gcc 6.4 (closes: #868926). * Update to debhelper version 10. * Update to standards version 4.0.0. * Only include pak files that are needed. * Drop chromedriver transitional package. 
* Drop ffmpeg.patch, now applied upstream. * Drop libgnome-keyring-dev build dependency (closes: #867917). * Install chromium-shell to /usr/lib/chromium (closes: #864565). - Thanks to Bert Schulze. -- Michael Gilbert Sat, 22 Jul 2017 16:41:59 +0000 chromium-browser (59.0.3071.104-1) unstable; urgency=medium * New upstream security release. - CVE-2017-5087: Sandbox Escape in IndexedDB. Reported by Ned Williamson - CVE-2017-5088: Out of bounds read in V8. Reported by Xiling Gong - CVE-2017-5089: Domain spoofing in Omnibox. Reported by Michał Bentkowski * Update get-orig-source to support really long arguments to tar --delete. -- Michael Gilbert Sat, 17 Jun 2017 20:03:49 +0000 chromium-browser (59.0.3071.86-1) unstable; urgency=medium * New upstream stable release. - CVE-2017-5070: Type confusion in V8. Reported by Zhao Qixun - CVE-2017-5071: Out of bounds read in V8. Reported by Choongwoo Han - CVE-2017-5072: Address spoofing in Omnibox. Reported by Rayyan Bijoora - CVE-2017-5073: Use after free in print preview. Reported by Khalil Zhani - CVE-2017-5074: Use after free in Apps Bluetooth. Reported by anonymous - CVE-2017-5075: Information leak in CSP reporting. Reported by Emmanuel Gil Peyrot - CVE-2017-5076: Address spoofing in Omnibox. Reported by Samuel Erb - CVE-2017-5077: Heap buffer overflow in Skia. Reported by Sweetchip - CVE-2017-5078: Possible command injection in mailto handling. Reported by Jose Carlos Exposito Bueno - CVE-2017-5079: UI spoofing in Blink. Reported by Khalil Zhani - CVE-2017-5080: Use after free in credit card autofill. Reported by Khalil Zhani - CVE-2017-5081: Extension verification bypass. Reported by Andrey Kovalev - CVE-2017-5082: Insufficient hardening in credit card editor. Reported by Nightwatch Cybersecurity Research - CVE-2017-5083: UI spoofing in Blink. Reported by Khalil Zhani - CVE-2017-5085: Inappropriate javascript execution on WebUI pages. Reported by Zhiyang Zeng - CVE-2017-5086: Address spoofing in Omnibox. 
Reported by Rayyan Bijoora -- Michael Gilbert Mon, 05 Jun 2017 23:09:28 +0000 chromium-browser (59.0.3071.71-1) experimental; urgency=medium * New upstream beta release. -- Michael Gilbert Sat, 27 May 2017 03:30:14 +0000 chromium-browser (59.0.3071.61-1) experimental; urgency=medium * New upstream beta release. -- Michael Gilbert Sun, 21 May 2017 19:34:39 +0000 chromium-browser (59.0.3071.47-1) experimental; urgency=medium * New upstream beta release. * Simplify approach for disabling vp9. * Fix incomplete new interfaces to system ICU library. * Remove XML_PARSE_NOXXE flag since system libxml2 does not yet support it. -- Michael Gilbert Sat, 13 May 2017 16:09:05 +0000 chromium-browser (58.0.3029.96-1) unstable; urgency=medium * New upstream security release. - CVE-2017-5068: Race condition in WebRTC. Credit to Philipp Hancke -- Michael Gilbert Sun, 07 May 2017 00:36:22 +0000 chromium-browser (58.0.3029.81-1) unstable; urgency=medium * New upstream stable release. - CVE-2017-5057: Type confusion in PDFium. Credit to Guang Gong. - CVE-2017-5058: Heap use after free in Print Preview. Credit to Khalil Zhani - CVE-2017-5059: Type confusion in Blink. Credit to SkyLined - CVE-2017-5060: URL spoofing in Omnibox. Credit to Xudong Zheng - CVE-2017-5061: URL spoofing in Omnibox. Credit to Haosheng Wang - CVE-2017-5062: Use after free in Chrome Apps. Credit to anonymous - CVE-2017-5063: Heap overflow in Skia. Credit to Sweetchip - CVE-2017-5064: Use after free in Blink. Credit to Wadih Matar - CVE-2017-5065: Incorrect UI in Blink. Credit to Khalil Zhani - CVE-2017-5066: Incorrect signature handling in Networking. Credit to chenchu - CVE-2017-5067: URL spoofing in Omnibox. Credit to Khalil Zhani - CVE-2017-5069: Cross-origin bypass in Blink. Credit to Michael Reizelman -- Michael Gilbert Wed, 19 Apr 2017 23:20:29 +0000 chromium-browser (58.0.3029.68-1) experimental; urgency=medium * New upstream beta release. - Drop arm patch, now applied upstream. 
- Add missing file needed to be able to build gn. - Update vpx.patch to continue using the system library. - Set use_vulcanize=false to avoid bringing in the entire nodejs ecosystem. * Enable remote extensions by default (closes: #856183). -- Michael Gilbert Fri, 07 Apr 2017 04:51:22 +0000 chromium-browser (57.0.2987.133-1) unstable; urgency=medium * New upstream security update. - CVE-2017-5055: Use after free in printing. Credit to Wadih Matar - CVE-2017-5054: Heap buffer overflow in V8. Credit to Nicolas Trippar - CVE-2017-5052: Bad cast in Blink. Credit to JeongHoon Shin - CVE-2017-5056: Use after free in Blink. Credit to anonymous - CVE-2017-5053: Out of bounds memory access in V8. Credit to Team Sniper -- Michael Gilbert Fri, 07 Apr 2017 01:07:17 +0000 chromium-browser (57.0.2987.98-1) unstable; urgency=medium * New upstream stable release. - CVE-2017-5030: Memory corruption in V8. Credit to Brendon Tiszka - CVE-2017-5031: Use after free in ANGLE. Credit to Looben Yang - CVE-2017-5032: Out of bounds write in PDFium. Credit to Ashfaq Ansari - CVE-2017-5029: Integer overflow in libxslt. Credit to Holger Fuhrmannek - CVE-2017-5034: Use after free in PDFium. Credit to Ke Liu - CVE-2017-5035: Incorrect security UI in Omnibox. Credit to Enzo Aguado - CVE-2017-5036: Use after free in PDFium. Credit to Anonymous - CVE-2017-5037: Multiple out of bounds writes in ChunkDemuxer. Credit to Yongke Wang - CVE-2017-5039: Use after free in PDFium. Credit to jinmo123 - CVE-2017-5040: Information disclosure in V8. Credit to Choongwoo Han - CVE-2017-5041: Address spoofing in Omnibox. Credit to Jordi Chancel - CVE-2017-5033: Bypass of Content Security Policy in Blink. Credit to Nicolai Grødum - CVE-2017-5042: Incorrect handling of cookies in Cast. Credit to Mike Ruddy - CVE-2017-5038: Use after free in GuestView. Credit to Anonymous - CVE-2017-5043: Use after free in GuestView. Credit to Anonymous - CVE-2017-5044: Heap overflow in Skia. 
Credit to Kushal Arvind Shah - CVE-2017-5045: Information disclosure in XSS Auditor. Credit to Dhaval Kapil - CVE-2017-5046: Information disclosure in Blink. Credit to Masato Kinugawa * Drop arm and MADV_FREE patches, which are now applied upstream. -- Michael Gilbert Fri, 10 Mar 2017 22:00:06 +0000 chromium-browser (56.0.2924.76-5) unstable; urgency=medium * Configure with fieldtrial_testing_like_official_build=true to avoid building with experimental features enabled (closes: #855434). * Do not disable background networking when remote extensions are enabled, since that option also blocks updates to extensions (closes: #841401). - Thanks to Tarmo Huuhka. -- Michael Gilbert Sat, 25 Feb 2017 21:41:02 +0000 chromium-browser (56.0.2924.76-4) unstable; urgency=medium * Do not create a dbgsym package for widevine (closes: #855529). -- Michael Gilbert Sun, 19 Feb 2017 20:17:38 +0000 chromium-browser (56.0.2924.76-3) unstable; urgency=medium * Upload to unstable. -- Michael Gilbert Sun, 05 Feb 2017 19:47:22 +0000 chromium-browser (56.0.2924.76-2) experimental; urgency=medium * Backport upstream bugfix for non-NEON builds (closes: #853108). * Fix seccomp sandboxing on arm64 platforms with DRI3 -- Riku Voipio Thu, 02 Feb 2017 09:37:05 +0200 chromium-browser (56.0.2924.76-1) experimental; urgency=medium * New upstream stable release: - CVE-2017-5007: Universal XSS in Blink. Credit to Mariusz Mlynski - CVE-2017-5006: Universal XSS in Blink. Credit to Mariusz Mlynski - CVE-2017-5008: Universal XSS in Blink. Credit to Mariusz Mlynski - CVE-2017-5010: Universal XSS in Blink. Credit to Mariusz Mlynski - CVE-2017-5011: Unauthorised file access in Devtools. Credit to Khalil Zhani - CVE-2017-5009: Out of bounds memory access in WebRTC. Credit to Sean Stanek and Chip Bradford - CVE-2017-5012: Heap overflow in V8. Credit to Gergely Nagy - CVE-2017-5013: Address spoofing in Omnibox. Credit to Haosheng Wang - CVE-2017-5014: Heap overflow in Skia. 
Credit to sweetchip - CVE-2017-5015: Address spoofing in Omnibox. Credit to Armin Razmdjou - CVE-2017-5019: Use after free in Renderer. Credit to Wadih Matar - CVE-2017-5016: UI spoofing in Blink. Credit to Haosheng Wang - CVE-2017-5017: Uninitialised memory access in webm video. Credit to danberm - CVE-2017-5018: Universal XSS in chrome://apps. Credit to Rob Wu - CVE-2017-5020: Universal XSS in chrome://downloads. Credit to Rob Wu - CVE-2017-5021: Use after free in Extensions. Credit to Rob Wu - CVE-2017-5022: Bypass of Content Security Policy in Blink. Credit to PKAV Team. - CVE-2017-5023: Type confusion in metrics. Credit to the UK's National Cyber Security Centre (NCSC) - CVE-2017-5026: UI spoofing. Credit to Ronni Skansing -- Michael Gilbert Thu, 26 Jan 2017 01:42:21 +0000 chromium-browser (55.0.2883.75-6) unstable; urgency=medium * Organize patches. * Move widevine package to contrib (closes: #851917). * Conflict with very old versions of libsecret (closes: #838864). * Support --enable-remote-extensions option passed through CHROMIUM_FLAGS (closes: #851927). -- Michael Gilbert Sun, 22 Jan 2017 00:47:28 +0000 chromium-browser (55.0.2883.75-5) unstable; urgency=medium * Fix new lintian warnings. * Fix quoting error in run script (closes: #851634). -- Michael Gilbert Thu, 19 Jan 2017 01:19:24 +0000 chromium-browser (55.0.2883.75-4) unstable; urgency=medium * Add chromium-shell package. * Rename chromedriver package to chromium-driver. * Add chromium-widevine package (closes: #838515). - Thanks to Felix Geyer. * Add initial upstream metadata (closes: #848228). * Set more options at runtime instead of build time. * Install chromedriver to /usr/bin (closes: #845312). * Update webkit copyright information (closes: #849264). - Thanks to Sandro Knauß. * Better handling of browser extensions (closes: #841401). - Only support locally installed extensions by default. 
- Add new command line flag --enable-remote-extensions, which bypasses the new default, allowing remote extensions and automatic updating. -- Michael Gilbert Mon, 02 Jan 2017 02:44:11 +0000 chromium-browser (55.0.2883.75-3) unstable; urgency=medium * Merge experimental branch. * Respect parallel setting in DEB_BUILD_OPTIONS while bootstrapping gn. * Conflict libnettle4 rather than depend on libnettle6 (closes: #841213). * Disable builtin media router since it only works with official Google Chrome builds, not chromium (closes: #833477). -- Michael Gilbert Sun, 18 Dec 2016 23:14:18 +0000 chromium-browser (55.0.2883.75-2+exp3) experimental; urgency=medium * Correct typo from last build. -- Riku Voipio Fri, 16 Dec 2016 14:31:37 +0200 chromium-browser (55.0.2883.75-2+exp2) experimental; urgency=medium * Set arm_use_neon=false on armhf until we enable a neon-supporting buildd in Debian. -- Riku Voipio Thu, 15 Dec 2016 14:34:45 +0200 chromium-browser (55.0.2883.75-2+exp1) experimental; urgency=medium * Add patches from upstream for gn builds on arm64 * Enable arm64/armhf builds -- Riku Voipio Mon, 12 Dec 2016 14:04:19 +0200 chromium-browser (55.0.2883.75-2) unstable; urgency=medium * Don't set FF_API_CONVERGENCE_DURATION since it is not a part of ffmpeg's public API, and when defined leads to crashes (closes: #846648). -- Michael Gilbert Sat, 10 Dec 2016 22:24:06 +0000 chromium-browser (55.0.2883.75-1) unstable; urgency=medium * New upstream stable release: - CVE-2016-9651: Private property access in V8. Credit to Guang Gong - CVE-2016-5208: Universal XSS in Blink. Credit to Mariusz Mlynski - CVE-2016-5207: Universal XSS in Blink. Credit to Mariusz Mlynski - CVE-2016-5206: Same-origin bypass in PDFium. Credit to Rob Wu - CVE-2016-5205: Universal XSS in Blink. Credit to Anonymous - CVE-2016-5204: Universal XSS in Blink. Credit to Mariusz Mlynski - CVE-2016-5209: Out of bounds write in Blink. Credit to Giwan Go - CVE-2016-5203: Use after free in PDFium. 
Credit to Anonymous - CVE-2016-5210: Out of bounds write in PDFium. Credit to Ke Liu - CVE-2016-5212: Local file disclosure in DevTools. Credit to Khalil Zhani - CVE-2016-5211: Use after free in PDFium. Credit to Anonymous - CVE-2016-5213: Use after free in V8. Credit to Khalil Zhani - CVE-2016-5214: File download protection bypass. Credit to Jonathan Birch and MSVR - CVE-2016-5216: Use after free in PDFium. Credit to Anonymous - CVE-2016-5215: Use after free in Webaudio. Credit to Looben Yang - CVE-2016-5217: Use of unvalidated data in PDFium. Credit to Rob Wu - CVE-2016-5218: Address spoofing in Omnibox. Credit to Abdulrahman Alqabandi - CVE-2016-5219: Use after free in V8. Credit to Rob Wu - CVE-2016-5221: Integer overflow in ANGLE. Credit to Tim Becker - CVE-2016-5220: Local file access in PDFium. Credit to Rob Wu - CVE-2016-5222: Address spoofing in Omnibox. Credit to xisigr - CVE-2016-9650: CSP Referrer disclosure. Credit to Jakub Żoczek - CVE-2016-5223: Integer overflow in PDFium. Credit to Hwiwon Lee - CVE-2016-5226: Limited XSS in Blink. Credit to Jun Kokatsu - CVE-2016-5225: CSP bypass in Blink. Credit to Scott Helme - CVE-2016-5224: Same-origin bypass in SVG. Credit to Roeland Krak - CVE-2016-9652: Various fixes from internal audits, fuzzing and other initiatives * Make it possible to pass build flags into gn (closes: #845785). -- Michael Gilbert Fri, 02 Dec 2016 02:06:59 +0000 chromium-browser (54.0.2840.101-1) unstable; urgency=medium * New upstream stable release: - CVE-2016-5181: Universal XSS in Blink. Credit to Anonymous - CVE-2016-5182: Heap overflow in Blink. Credit to Giwan Go - CVE-2016-5183: Use after free in PDFium. Credit to Anonymous - CVE-2016-5184: Use after free in PDFium. Credit to Anonymous - CVE-2016-5185: Use after free in Blink. Credit to cloudfuzzer - CVE-2016-5187: URL spoofing. Credit to Luan Herrera - CVE-2016-5188: UI spoofing. Credit to Luan Herrera - CVE-2016-5192: Cross-origin bypass in Blink. 
Credit to haojunhou@gmail.com - CVE-2016-5189: URL spoofing. Credit to xisigr - CVE-2016-5186: Out of bounds read in DevTools. Credit to Abdulrahman Alqabandi - CVE-2016-5191: Universal XSS in Bookmarks. Credit to Gareth Hughes - CVE-2016-5190: Use after free in Internals. Credit to Atte Kettunen - CVE-2016-5193: Scheme bypass. Credit to Yuyang ZHOU - CVE-2016-5194: Various fixes from internal audits, fuzzing and other initiatives - CVE-2016-5198: Out of bounds memory access in V8. Credit to Tencent Keen Security Lab - CVE-2016-5200: Out of bounds memory access in V8. Credit to Choongwoo Han - CVE-2016-5201: Info leak in extensions. Credit to Rob Wu - CVE-2016-5202: Various fixes from internal audits, fuzzing and other initiatives * Remove libxslt symlinks from the upstream tarball. * Drop cups patch that's been applied upstream. * Build using gn and drop gyp dependency. * Update debian/copyright. -- Michael Gilbert Fri, 18 Nov 2016 01:36:36 +0000 chromium-browser (53.0.2785.143-1) unstable; urgency=medium * New upstream security release: - CVE-2016-5177: Use after free in V8. Credit to Anonymous - CVE-2016-5178: Various fixes from internal audits, fuzzing and other initiatives. * Change StartupWMClass in the desktop file to chromium (closes: #813079). * Support building with cups 2.2 (closes: #839377). * Update debian/copyright. -- Michael Gilbert Sat, 01 Oct 2016 11:08:42 +0000 chromium-browser (53.0.2785.113-1) unstable; urgency=medium * New upstream security release: - CVE-2016-5170: Use after free in Blink. Credit to Anonymous - CVE-2016-5171: Use after free in Blink. Credit to Anonymous - CVE-2016-5172: Arbitrary Memory Read in v8. Credit to Choongwoo Han - CVE-2016-5173: Extension resource access. Credit to Anonymous - CVE-2016-5174: Popup not correctly suppressed. Credit to Andrey Kovalev - CVE-2016-5175: Various fixes from internal audits, fuzzing and other initiatives.
-- Michael Gilbert Tue, 13 Sep 2016 23:12:03 +0000 chromium-browser (53.0.2785.92-3) unstable; urgency=medium * Add -fno-delete-null-pointer checks to the build flags (closes: #833501). -- Michael Gilbert Sun, 11 Sep 2016 14:47:55 +0000 chromium-browser (53.0.2785.92-2) unstable; urgency=medium * Build with gcc 6 (closes: #835943). * Add versioned harfbuzz dependency (closes: #833953). -- Michael Gilbert Tue, 06 Sep 2016 00:53:14 +0000 chromium-browser (53.0.2785.92-1) unstable; urgency=medium * New upstream stable release. * Support building with glibc 2.24 (closes: #836611). -- Michael Gilbert Sun, 04 Sep 2016 19:33:10 +0000 chromium-browser (53.0.2785.89-1) unstable; urgency=medium * New upstream stable release: - CVE-2016-5147: Universal XSS in Blink. Credit to anonymous - CVE-2016-5148: Universal XSS in Blink. Credit to anonymous - CVE-2016-5149: Script injection in extensions. Credit to Max Justicz - CVE-2016-5150: Use after free in Blink. Credit to anonymous - CVE-2016-5151: Use after free in PDFium. Credit to anonymous - CVE-2016-5152: Heap overflow in PDFium. Credit to GiWan Go of Stealien - CVE-2016-5153: Use after destruction in Blink. Credit to Atte Kettunen - CVE-2016-5154: Heap overflow in PDFium. Credit to anonymous - CVE-2016-5155: Address bar spoofing. Credit to anonymous - CVE-2016-5156: Use after free in event bindings. Credit to jinmo123 - CVE-2016-5157: Heap overflow in PDFium. Credit to anonymous - CVE-2016-5158: Heap overflow in PDFium. Credit to GiWan Go - CVE-2016-5159: Heap overflow in PDFium. Credit to GiWan Go - CVE-2016-5160: Extensions web accessible resources bypass. Credit to @l33terally - CVE-2016-5161: Type confusion in Blink. - CVE-2016-5162: Extensions web accessible resources bypass. Credit to Nicolas Golubovic - CVE-2016-5163: Address bar spoofing. Credit to Rafay Baloch - CVE-2016-5164: Universal XSS using DevTools. Credit to anonymous - CVE-2016-5165: Script injection in DevTools. 
Credit to Gregory Panakkal - CVE-2016-5166: SMB Relay Attack via Save Page As. Credit to Gregory Panakkal - CVE-2016-5167: Various fixes from internal audits, fuzzing and other initiatives. -- Michael Gilbert Sat, 03 Sep 2016 16:30:44 +0000 chromium-browser (52.0.2743.116-2) unstable; urgency=medium * Fix syntax error in debian/copyright. * Include compiler info in the build log. * Add information about debugging to README.debian. * Build with gcc 5 during the gcc 6 transition (closes: #833501). -- Michael Gilbert Sun, 07 Aug 2016 01:05:40 +0000 chromium-browser (52.0.2743.116-1) unstable; urgency=medium * New upstream security release: - CVE-2016-5141 Address bar spoofing. Credit to Sergey Glazunov - CVE-2016-5142 Use-after-free in Blink. Credit to Sergey Glazunov - CVE-2016-5139 Heap overflow in pdfium. Credit to GiWan Go - CVE-2016-5140 Heap overflow in pdfium. Credit to Ke Liu - CVE-2016-5145 Same origin bypass for images in Blink. Credit to Sergey Glazunov - CVE-2016-5143 Parameter sanitization failure in DevTools. Credit to Gregory Panakkal - CVE-2016-5144 Parameter sanitization failure in DevTools. Credit to Gregory Panakkal - CVE-2016-5146: Various fixes from internal audits, fuzzing and other initiatives. -- Michael Gilbert Thu, 04 Aug 2016 13:01:42 +0000 chromium-browser (52.0.2743.82-4) unstable; urgency=medium * Remove menu file. * Build with fastbuild=2. * Disable background networking features. * Link against system harfbuzz library again. -- Michael Gilbert Sat, 30 Jul 2016 21:25:30 +0000 chromium-browser (52.0.2743.82-3) unstable; urgency=medium * Fix a few lintian warnings. * Use gtk3 backend instead of gtk2. * Launch as a single process when debugging to get useful symbol info. -- Michael Gilbert Sat, 30 Jul 2016 04:07:46 +0000 chromium-browser (52.0.2743.82-2) unstable; urgency=medium * Bump standards version. * Drop no longer needed speechd patch. * Build complete debugging symbols again. * Link against libusb 1.0 (closes: #810403). 
* Fix path to master_preferences (closes: #830274). * Add an explicit dependency on libnettle6 (closes: #832125). -- Michael Gilbert Sun, 24 Jul 2016 22:02:56 +0000 chromium-browser (52.0.2743.82-1) unstable; urgency=medium * New upstream stable release: - CVE-2016-1704: Various fixes from internal audits, fuzzing and other initiatives. - CVE-2016-1705: Various fixes from internal audits, fuzzing and other initiatives. - CVE-2016-1706: Sandbox escape in PPAPI. Credit to Pinkie Pie - CVE-2016-1708: Use-after-free in Extensions. Credit to Adam Varsan - CVE-2016-1709: Heap-buffer-overflow in sfntly. Credit to ChenQin. - CVE-2016-1710: Same-origin bypass in Blink. Credit to Mariusz Mlynski - CVE-2016-1711: Same-origin bypass in Blink. Credit to Mariusz Mlynski - CVE-2016-5127: Use-after-free in Blink. Credit to cloudfuzzer - CVE-2016-5128: Same-origin bypass in V8. Credit to Anonymous - CVE-2016-5129: Memory corruption in V8. Credit to Jeonghoon Shin - CVE-2016-5130: URL spoofing. Credit to Wadih Matar - CVE-2016-5131: Use-after-free in libxml. Credit to Nick Wellnhofer - CVE-2016-5132: Limited same-origin bypass in Service Workers. Credit to Ben Kelly - CVE-2016-5133: Origin confusion in proxy authentication. Credit to Patch Eudor - CVE-2016-5134: URL leakage via PAC script. Credit to Paul Stone - CVE-2016-5135: Content-Security-Policy bypass. Credit to ShenYeYinJiu - CVE-2016-5136: Use after free in extensions. Credit to Rob Wu - CVE-2016-5137: History sniffing with HSTS and CSP. Credit to Xiaoyin Liu -- Michael Gilbert Sat, 23 Jul 2016 03:56:18 +0000 chromium-browser (51.0.2704.79-1) unstable; urgency=medium * New upstream security release: - CVE-2016-1696: Cross-origin bypass in Extension bindings. Credit to anonymous. - CVE-2016-1697: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. - CVE-2016-1698: Information leak in Extension bindings. Credit to Rob Wu. - CVE-2016-1699: Parameter sanitization failure in DevTools. Credit to Gregory Panakkal. 
- CVE-2016-1700: Use-after-free in Extensions. Credit to Rob Wu. - CVE-2016-1701: Use-after-free in Autofill. Credit to Rob Wu. - CVE-2016-1702: Out-of-bounds read in Skia. Credit to cloudfuzzer. -- Michael Gilbert Thu, 02 Jun 2016 23:55:13 +0000 chromium-browser (51.0.2704.63-2) unstable; urgency=medium * Fix libspeechd build error. -- Michael Gilbert Sun, 29 May 2016 01:42:46 +0000 chromium-browser (51.0.2704.63-1) unstable; urgency=medium * New upstream stable release: - CVE-2016-1667: Same origin bypass in DOM. Credit to Mariusz Mlynski. - CVE-2016-1668: Same origin bypass in Blink V8 bindings. Credit to Mariusz Mlynski. - CVE-2016-1669: Buffer overflow in V8. Credit to Choongwoo Han. - CVE-2016-1670: Race condition in loader. Credit to anonymous. - CVE-2016-1672: Cross-origin bypass in extension bindings. Credit to Mariusz Mlynski. - CVE-2016-1673: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. - CVE-2016-1674: Cross-origin bypass in extensions. Credit to Mariusz Mlynski. - CVE-2016-1675: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. - CVE-2016-1676: Cross-origin bypass in extension bindings. Credit to Rob Wu. - CVE-2016-1677: Type confusion in V8. Credit to Guang Gong. - CVE-2016-1678: Heap overflow in V8. Credit to Christian Holler. - CVE-2016-1679: Heap use-after-free in V8 bindings. Credit to Rob Wu. - CVE-2016-1680: Heap use-after-free in Skia. Credit to Atte Kettunen. - CVE-2016-1681: Heap overflow in PDFium. Credit to Aleksandar Nikolic. - CVE-2016-1682: CSP bypass for ServiceWorker. Credit to KingstonTime. - CVE-2016-1685: Out-of-bounds read in PDFium. Credit to Ke Liu. - CVE-2016-1686: Out-of-bounds read in PDFium. Credit to Ke Liu. - CVE-2016-1687: Information leak in extensions. Credit to Rob Wu. - CVE-2016-1688: Out-of-bounds read in V8. Credit to Max Korenko. - CVE-2016-1689: Heap buffer overflow in media. Credit to Atte Kettunen. - CVE-2016-1690: Heap use-after-free in Autofill. Credit to Rob Wu. 
- CVE-2016-1691: Heap buffer-overflow in Skia. Credit to Atte Kettunen. - CVE-2016-1692: Limited cross-origin bypass in ServiceWorker. Credit to Til Jasper Ullrich. - CVE-2016-1693: HTTP Download of Software Removal Tool. Credit to Khalil Zhani. - CVE-2016-1694: HPKP pins removed on cache clearance. Credit to Ryan Lester and Bryant Zadegan. - CVE-2016-1695: Various fixes from internal audits, fuzzing and other initiatives. -- Michael Gilbert Fri, 27 May 2016 01:52:42 +0000 chromium-browser (50.0.2661.94-1) unstable; urgency=medium * New upstream security release: - CVE-2016-1660: Out-of-bounds write in Blink. Credit to Atte Kettunen. - CVE-2016-1661: Memory corruption in cross-process frames. Credit to Wadih Matar. - CVE-2016-1662: Use-after-free in extensions. Credit to Rob Wu. - CVE-2016-1663: Use-after-free in Blink’s V8 bindings. Credit to anonymous. - CVE-2016-1664: Address bar spoofing. Credit to Wadih Matar. - CVE-2016-1665: Information leak in V8. Credit to gksgudtjr456. - CVE-2016-1666: Various fixes from internal audits, fuzzing and other initiatives. -- Michael Gilbert Sat, 30 Apr 2016 03:39:44 +0000 chromium-browser (50.0.2661.75-2) unstable; urgency=medium * Fix problem with linking to ffmpeg (closes: #821154). - Thanks to Sebastian Ramacher. -- Michael Gilbert Sat, 23 Apr 2016 00:55:40 +0000 chromium-browser (50.0.2661.75-1) unstable; urgency=medium * New upstream stable release: - CVE-2016-1652: Universal XSS in extension bindings. Credit to anonymous. - CVE-2016-1653: Out-of-bounds write in V8. Credit to Choongwoo Han. - CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000 decoding. - CVE-2016-1654: Uninitialized memory read in media. Credit to Atte Kettunen. - CVE-2016-1655: Use-after-free related to extensions. Credit to Rob Wu. - CVE-2016-1657: Address bar spoofing. Credit to Luan Herrera. - CVE-2016-1658: Potential leak of sensitive information to malicious extensions. Credit to Antonio Sanso. 
- CVE-2015-1659: Various fixes from internal audits, fuzzing and other initiatives. -- Michael Gilbert Thu, 14 Apr 2016 01:04:58 +0000 chromium-browser (49.0.2623.108-1) unstable; urgency=medium * New upstream security release: - CVE-2016-1646: Out-of-bounds read in V8. Credit to Wen Xu. - CVE-2016-1647: Use-after-free in Navigation. Credit to anonymous. - CVE-2016-1648: Use-after-free in Extensions. Credit to anonymous. - CVE-2016-1649: Buffer overflow in libANGLE. Credit to lokihardt. - CVE-2016-1650: Various fixes from internal audits, fuzzing and other initiatives. -- Michael Gilbert Sat, 12 Mar 2016 20:12:03 +0000 chromium-browser (49.0.2623.87-1) unstable; urgency=medium * New upstream security release: - CVE-2016-1643: Type confusion in Blink. Credit to cloudfuzzer. - CVE-2016-1644: Use-after-free in Blink. Credit to Atte Kettunen. - CVE-2016-1645: Out-of-bounds write in PDFium. -- Michael Gilbert Wed, 09 Mar 2016 02:27:50 +0000 chromium-browser (49.0.2623.75-2) unstable; urgency=medium * Update standards version. * Add libffi-dev build dependency. -- Michael Gilbert Fri, 04 Mar 2016 00:14:12 +0000 chromium-browser (49.0.2623.75-1) unstable; urgency=medium * New upstream stable release: - CVE-2016-1630: Same-origin bypass in Blink. Credit to Mariusz Mlynski. - CVE-2016-1631: Same-origin bypass in Pepper Plugin. Credit to Mariusz Mlynski. - CVE-2016-1632: Bad cast in Extensions. Credit to anonymous. - CVE-2016-1633: Use-after-free in Blink. Credit to cloudfuzzer. - CVE-2016-1634: Use-after-free in Blink. Credit to cloudfuzzer. - CVE-2016-1635: Use-after-free in Blink. Credit to Rob Wu. - CVE-2016-1636: SRI Validation Bypass. Credit to ryan@cyph.com. - CVE-2015-8126: Out-of-bounds access in libpng. Credit to joerg.bornemann. - CVE-2016-1637: Information Leak in Skia. Credit to Keve Nagy. - CVE-2016-1638: WebAPI Bypass. Credit to Rob Wu. - CVE-2016-1639: Use-after-free in WebRTC. Credit to Khalil Zhani. - CVE-2016-1640: Origin confusion in Extensions UI. 
Credit to Luan Herrera. - CVE-2016-1641: Use-after-free in Favicon. Credit to Atte Kettunen. - CVE-2016-1642: Various fixes from internal audits, fuzzing and other initiatives. - Multiple vulnerabilities in libv8 (version 4.9.385.26). * Set use_sysroot=0 to continue using system libraries. -- Michael Gilbert Wed, 02 Mar 2016 23:47:54 +0000 chromium-browser (48.0.2564.116-1) unstable; urgency=medium * New stable security release: - CVE-2016-1622: Same-origin bypass in Extensions. Credit to anonymous. - CVE-2016-1623: Same-origin bypass in DOM. Credit to Mariusz Mlynski. - CVE-2016-1624: Buffer overflow in Brotli. Credit to lukezli. - CVE-2016-1625: Navigation bypass in Chrome Instant. Credit to Jann Horn. - CVE-2016-1626: Out-of-bounds read in PDFium. Credit to anonymous. - CVE-2016-1627: Various fixes from internal audits, fuzzing and other initiatives. - CVE-2016-1628: Out-of-bounds read in PDFium. Credit to anonymous. - CVE-2016-1629: Same-origin bypass in Blink and Sandbox escape in Chrome. Credit to anonymous. -- Michael Gilbert Fri, 12 Feb 2016 02:53:42 +0000 chromium-browser (48.0.2564.82-2) unstable; urgency=medium * Build with gcc instead of clang. * Use ld.gold to avoid memory exhaustion while linking (closes: #812569). -- Michael Gilbert Sun, 24 Jan 2016 21:35:33 +0000 chromium-browser (48.0.2564.82-1) unstable; urgency=medium * New upstream stable release: - CVE-2016-1612: Bad cast in V8. Credit to cloudfuzzer. - CVE-2016-1613: Use-after-free in PDFium. Credit to anonymous. - CVE-2016-1614: Information leak in Blink. Credit to Christoph Diehl. - CVE-2016-1615: Origin confusion in Omnibox. Credit to Ron Masas. - CVE-2016-1616: URL Spoofing. Credit to Luan Herrera. - CVE-2016-1617: History sniffing with HSTS and CSP. Credit to jenuis. - CVE-2016-1618: Weak random number generator in Blink. Credit to Aaron Toponce. - CVE-2016-1619: Out-of-bounds read in PDFium. Credit to Keve Nagy. 
- CVE-2016-1620: Various fixes from internal audits, fuzzing and other initiatives. - Multiple vulnerabilities in V8 fixed at the tip of the 4.8 branch (currently 4.8.271.17). -- Michael Gilbert Thu, 21 Jan 2016 00:06:10 +0000 chromium-browser (47.0.2526.111-1) unstable; urgency=medium * New upstream stable release: - Removes native_client/toolchain files introduced in the previous upstream version (closes: #807973) * Drop libssl-dev build dependency. * Migrate to dbgsym debug packages. * Recommend fonts-liberation (closes: #808106). -- Michael Gilbert Tue, 29 Dec 2015 02:45:48 +0000 chromium-browser (47.0.2526.80-3) unstable; urgency=medium * Drop change to the fullscreen UI (closes: #808076). * Fix installation of the English language pak (closes: #808046). * Avoid symbol conflicts between the jpeg library embedded in pdfium and the system jpeg library (closes: #794031). -- Michael Gilbert Wed, 16 Dec 2015 02:27:17 +0000 chromium-browser (47.0.2526.80-2) unstable; urgency=medium * Greatly simplify the arch:all build. * Don't hide the UI in fullscreen mode. * Ignore the GPU blacklist (closes: #802933). * Fix WMClass in the desktop launcher (closes: #803989). * Set the correct file name for the desktop launcher (closes: #806402). -- Michael Gilbert Sun, 13 Dec 2015 06:16:19 +0000 chromium-browser (47.0.2526.80-1) unstable; urgency=medium * New upstream stable release: - Multiple vulnerabilities fixed in libv8 4.7.80.23. - CVE-2015-6788: Type confusion in extensions. Credit to anonymous. - CVE-2015-6789: Use-after-free in Blink. Credit to cloudfuzzer. - CVE-2015-6790: Escaping issue in saved pages. Credit to Inti De Ceukelaire. - CVE-2015-6791: Various fixes from internal audits, fuzzing and other initiatives. * Add support for ffmpeg 2.9 (closes: #803806). * Disable accelerated video decoding (closes: #804901). 
-- Michael Gilbert Sat, 12 Dec 2015 22:37:45 +0000 chromium-browser (47.0.2526.73-1) unstable; urgency=medium * New upstream stable release: - CVE-2015-1302: Information leak in PDF viewer. Credit to Rob Wu. - CVE-2015-6765: Use-after-free in AppCache. Credit to anonymous. - CVE-2015-6766: Use-after-free in AppCache. Credit to anonymous. - CVE-2015-6767: Use-after-free in AppCache. Credit to anonymous. - CVE-2015-6768: Cross-origin bypass in DOM. Credit to Mariusz Mlynski. - CVE-2015-6769: Cross-origin bypass in core. Credit to Mariusz Mlynski. - CVE-2015-6770: Cross-origin bypass in DOM. Credit to Mariusz Mlynski. - CVE-2015-6771: Out of bounds access in v8. Credit to anonymous. - CVE-2015-6772: Cross-origin bypass in DOM. Credit to Mariusz Mlynski. - CVE-2015-6764: Out of bounds access in v8. Credit to Guang Gong. - CVE-2015-6773: Out of bounds access in Skia. Credit to cloudfuzzer. - CVE-2015-6774: Use-after-free in Extensions. Credit to anonymous. - CVE-2015-6775: Type confusion in PDFium. Credit to Atte Kettunen. - CVE-2015-6776: Out of bounds access in PDFium. Credit to Hanno Böck. - CVE-2015-6777: Use-after-free in DOM. Credit to Long Liu. - CVE-2015-6778: Out of bounds access in PDFium. Credit to Karl Skomski. - CVE-2015-6779: Scheme bypass in PDFium. Credit to Til Jasper Ullrich. - CVE-2015-6780: Use-after-free in Infobars. Credit to Khalil Zhani. - CVE-2015-6781: Integer overflow in Sfntly. Credit to miaubiz. - CVE-2015-6782: Content spoofing in Omnibox. Credit to Luan Herrera. - CVE-2015-6784: Escaping issue in saved pages. Credit to Inti De Ceukelaire. - CVE-2015-6785: Wildcard matching issue in CSP. Credit to Michael Ficarra. - CVE-2015-6786: Scheme bypass in CSP. Credit to Michael Ficarra. * Lengthen GPU timeout (closes: #781940). * Enable accelerated video decoding (closes: #793815). 
-- Michael Gilbert Thu, 03 Dec 2015 00:59:47 +0000 chromium-browser (46.0.2490.71-1) unstable; urgency=medium * New upstream stable release: - CVE-2015-6755: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. - CVE-2015-6756: Use-after-free in PDFium. Credit to anonymous. - CVE-2015-6757: Use-after-free in ServiceWorker. Credit to Collin Payne. - CVE-2015-6758: Bad-cast in PDFium. Credit to Atte Kettunen of OUSPG. - CVE-2015-6759: Information leakage in LocalStorage. Credit to Muneaki Nishimura. - CVE-2015-6760: Improper error handling in libANGLE. Credit to Ronald Crane, an independent security researcher. - CVE-2015-6762: CORS bypass via CSS fonts. Credit to Muneaki Nishimura. - CVE-2015-6763: Various fixes from internal audits, fuzzing and other initiatives. - Multiple vulnerabilities in V8 fixed at the tip of the 4.6 branch (currently 4.6.85.23). -- Michael Gilbert Fri, 16 Oct 2015 01:43:28 +0000 chromium-browser (45.0.2454.101-1) unstable; urgency=medium * New upstream stable release: - CVE-2015-1303: Cross-origin bypass in DOM. Credit to Mariusz Mlynski. - CVE-2015-1304: Cross-origin bypass in V8. Credit to Mariusz Mlynski. -- Michael Gilbert Sat, 26 Sep 2015 15:57:23 +0000 chromium-browser (45.0.2454.85-1) unstable; urgency=medium * New upstream stable release: - CVE-2015-1291: Cross-origin bypass in DOM. Credit to anonymous. - CVE-2015-1292: Cross-origin bypass in ServiceWorker. Credit to Mariusz Mlynski. - CVE-2015-1293: Cross-origin bypass in DOM. Credit to Mariusz Mlynski. - CVE-2015-1294: Use-after-free in Skia. Credit to cloudfuzzer. - CVE-2015-1295: Use-after-free in Printing. Credit to anonymous. - CVE-2015-1296: Character spoofing in omnibox. Credit to zcorpan. - CVE-2015-1297: Permission scoping error in WebRequest. Credit to Alexander Kashev. - CVE-2015-1298: URL validation error in extensions. Credit to Rob Wu. - CVE-2015-1299: Use-after-free in Blink. Credit to taro.suzuki.dev. - CVE-2015-1300: Information leak in Blink. Credit to cgvwzq. 
- CVE-2015-1301: Various fixes from internal audits, fuzzing and other initiatives. - Multiple vulnerabilities in the libv8 library (updated to 4.5.103.29). -- Michael Gilbert Tue, 01 Sep 2015 22:07:59 +0000 chromium-browser (44.0.2403.157-1) unstable; urgency=medium * New upstream stable release: - GPU process race condition fixed (closes: #794472). * Use system ffmpeg (closes: #763632): - Thanks to Andreas Cadhalpun. -- Michael Gilbert Sun, 23 Aug 2015 22:43:20 +0000 chromium-browser (44.0.2403.107-2) unstable; urgency=medium * More updates to debian/copyright. * Add some more instructions for bug presubmission. * Remove no longer needed mainscript and preinst scripts. * Use chromium.png in the desktop launcher (closes: #794818). -- Michael Gilbert Sat, 08 Aug 2015 23:03:26 +0000 chromium-browser (44.0.2403.107-1) unstable; urgency=medium * New upstream stable release. * More updates to debian/copyright. -- Michael Gilbert Sun, 26 Jul 2015 01:41:55 +0000 chromium-browser (44.0.2403.89-1) unstable; urgency=medium * New upstream stable release: - CVE-2015-1270: Uninitialized memory read in ICU. Credit to Atte Kettunen. - CVE-2015-1271: Heap-buffer-overflow in pdfium. Credit to cloudfuzzer. - CVE-2015-1272: Use-after-free related to unexpected GPU process termination. Credit to Chamal de Silva. - CVE-2015-1273: Heap-buffer-overflow in pdfium. Credit to makosoft. - CVE-2015-1274: Settings allowed executable files to run immediately after download. Credit to andrewm.bpi. - CVE-2015-1275: UXSS in Chrome for Android. Credit to WangTao(neobyte). - CVE-2015-1276: Use-after-free in IndexedDB. Credit to Collin Payne. - CVE-2015-1277: Use-after-free in accessibility. Credit to SkyLined. - CVE-2015-1278: URL spoofing using pdf files. Credit to Chamal de Silva. - CVE-2015-1279: Heap-buffer-overflow in pdfium. Credit to mlafon. - CVE-2015-1280: Memory corruption in skia. Credit to cloudfuzzer. - CVE-2015-1281: CSP bypass. Credit to Masato Kinugawa. 
- CVE-2015-1282: Use-after-free in pdfium. Credit to Chamal de Silva. - CVE-2015-1283: Heap-buffer-overflow in expat. Credit to Huzaifa Sidhpurwala. - CVE-2015-1284: Use-after-free in blink. Credit to Atte Kettunen. - CVE-2015-1285: Information leak in XSS auditor. Credit to gazheyes. - CVE-2015-1286: UXSS in blink. Credit to anonymous. - CVE-2015-1287: SOP bypass with CSS. Credit to filedescriptor. - CVE-2015-1288: Spell checking dictionaries fetched over HTTP. Credit to Mike Ruddy. - CVE-2015-1289: Various fixes from internal audits, fuzzing and other initiatives. * Remove hotword patch, now disabled by default upstream. -- Michael Gilbert Tue, 21 Jul 2015 22:33:06 +0000 chromium-browser (43.0.2357.130-1) unstable; urgency=medium * New upstream security release: - CVE-2015-1266: Scheme validation error in WebUI. Credit to anonymous. - CVE-2015-1268: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. - CVE-2015-1267: Cross-origin bypass in Blink. Credit to anonymous. - CVE-2015-1269: Normalization error in HSTS/HPKP preload list. Credit to Mike Ruddy. * Don't build the Google Now extension. * More updates to debian/copyright. -- Michael Gilbert Tue, 23 Jun 2015 21:43:54 +0000 chromium-browser (43.0.2357.124-3) unstable; urgency=medium * Fix syntax error in default-flags (closes: #789310). -- Michael Gilbert Fri, 19 Jun 2015 22:04:28 +0000 chromium-browser (43.0.2357.124-2) unstable; urgency=medium * More updates to debian/copyright. * Disable all external component loading. * Set flag to avoid hidden items in the about:extensions dialog. -- Michael Gilbert Fri, 19 Jun 2015 05:31:48 +0000 chromium-browser (43.0.2357.124-1) unstable; urgency=medium * New upstream release. * Disable wallet extension. * Remove more sourceless files. * Remove files no longer included from debian/copyright. -- Michael Gilbert Wed, 17 Jun 2015 03:00:44 +0000 chromium-browser (43.0.2357.81-1) unstable; urgency=medium * New upstream release fixing missing icon (closes: #786490).
* Disable hotword (closes: #786909). * Remove some sourceless files. -- Michael Gilbert Mon, 15 Jun 2015 04:04:34 +0000 chromium-browser (43.0.2357.65-1) unstable; urgency=medium * New upstream stable release: - CVE-2015-1252: Sandbox escape in Chrome. Credit to anonymous. - CVE-2015-1253: Cross-origin bypass in DOM. Credit to anonymous. - CVE-2015-1254: Cross-origin bypass in Editing. Credit to armin@rawsec.net. - CVE-2015-1255: Use-after-free in WebAudio. Credit to Khalil Zhani. - CVE-2015-1256: Use-after-free in SVG. Credit to Atte Kettunen. - CVE-2015-1251: Use-after-free in Speech. Credit to SkyLined. - CVE-2015-1257: Container-overflow in SVG. Credit to miaubiz. - CVE-2015-1258: Negative-size parameter in Libvpx. Credit to cloudfuzzer - CVE-2015-1259: Uninitialized value in PDFium. Credit to Atte Kettunen. - CVE-2015-1260: Use-after-free in WebRTC. Credit to Khalil Zhani. - CVE-2015-1261: URL bar spoofing. Credit to Juho Nurminen. - CVE-2015-1262: Uninitialized value in Blink. Credit to miaubiz. - CVE-2015-1263: Insecure download of spellcheck dictionary. Credit to Mike Ruddy. - CVE-2015-1264: Cross-site scripting in bookmarks. Credit to K0r3Ph1L. - Fix for gzip file downloading (closes: #677948). - Fix for bookmark navigation (closes: #756211). * Enable HiDPI (closes: #763421). * Make chromium-l10n binnmuable. * Fix Built-Using fields. -- Michael Gilbert Sat, 09 May 2015 22:37:06 +0000 chromium-browser (42.0.2311.135-2) unstable; urgency=medium * Remove src/ prefix in debian/copyright. * Fix path to default configuration files. * Describe omnibox search in README.debian (closes: 781591). * Fix application name in the launcher script (closes: #783858). * Set CHROME_WRAPPER to /usr/bin/chromium by default (closes: #783097). -- Michael Gilbert Sat, 09 May 2015 14:53:34 +0000 chromium-browser (42.0.2311.135-1) unstable; urgency=medium [ Michael Gilbert ] * Remove some unneeded files from the upstream tarball. 
* Move default configuration files to /usr/share/chromium. * New upstream stable release: - CVE-2015-1243: Use-after-free in DOM. Credit to Saif El-Sherei. - CVE-2015-1250: Various fixes from internal audits, fuzzing and other initiatives. [ Shawn Landden ] * Suppress first run welcome page. * Turn off safebrowsing. * Turn off pinging Google on 404 and other HTTP errors. -- Michael Gilbert Thu, 30 Apr 2015 01:08:53 +0000 chromium-browser (42.0.2311.90-2) unstable; urgency=medium * Update debian/copyright. * Drop some unused patches. * Drop chromium-inspector package. * Remove Giuseppe from the uploaders. - Many thanks for the prior contributions. * Fix built on text (closes: #782052). * Fix path to master_preferences (closes: #777708). * Disable default browser warning (closes: #777265). * Conflict with libgl1-mesa-swx11 (closes: #776388). * Add MHTML mimetype to chromium.desktop (closes: #769039). * Tighten chromium-l10n versioned dependency (closes: #781505). -- Michael Gilbert Sun, 26 Apr 2015 18:49:52 +0000 chromium-browser (42.0.2311.90-1) unstable; urgency=medium * New upstream stable release: - CVE-2015-1235: Cross-origin-bypass in HTML parser. Credit to anonymous. - CVE-2015-1236: Cross-origin-bypass in Blink. Credit to Amitay Dobo. - CVE-2015-1237: Use-after-free in IPC. Credit to Khalil Zhani. - CVE-2015-1238: Out-of-bounds write in Skia. Credit to cloudfuzzer. - CVE-2015-1240: Out-of-bounds read in WebGL. Credit to w3bd3vil. - CVE-2015-1241: Tap-Jacking. Credit to Phillip Moon and Matt Weston. - CVE-2015-1242: Type confusion in V8. Credit to fcole@onshape.com. - CVE-2015-1244: HSTS bypass in WebSockets. Credit to Mike Ruddy. - CVE-2015-1245: Use-after-free in PDFium. Credit to Khalil Zhani. - CVE-2015-1246: Out-of-bounds read in Blink. Credit to Atte Kettunen. - CVE-2015-1247: Scheme issues in OpenSearch. Credit to Jann Horn. - CVE-2015-1248: SafeBrowsing bypass. Credit to Vittorio Gambaletta. 
- CVE-2015-1249: Various fixes from internal audits, fuzzing and other initiatives. Also multiple issues in v8 4.2.77.14. -- Michael Gilbert Thu, 16 Apr 2015 00:12:00 +0000 chromium-browser (41.0.2272.118-1) unstable; urgency=medium * New upstream stable release: - CVE-2015-1233: A combination of V8, Gamepad and IPC bugs that can lead to remote code execution outside of the sandbox. - CVE-2015-1234: Buffer overflow via race condition in GPU. Credit to lokihardt working with Pwn2Own and HP’s Zero Day Initiative. -- Michael Gilbert Thu, 02 Apr 2015 00:33:12 +0000 chromium-browser (41.0.2272.76-2) unstable; urgency=medium * Install v8 natives and snapshot blob files (closes: #779717). - Thanks to Jason Rhinelander. -- Michael Gilbert Fri, 06 Mar 2015 00:59:50 +0000 chromium-browser (41.0.2272.76-1) unstable; urgency=medium * New upstream stable release: - CVE-2015-1212: Out-of-bounds write in media. Credit to anonymous. - CVE-2015-1213: Out-of-bounds write in skia filters. Credit to cloudfuzzer. - CVE-2015-1214: Out-of-bounds write in skia filters. Credit to cloudfuzzer. - CVE-2015-1215: Out-of-bounds write in skia filters. Credit to cloudfuzzer. - CVE-2015-1216: Use-after-free in v8 bindings. Credit to anonymous. - CVE-2015-1217: Type confusion in v8 bindings. Credit to anonymous. - CVE-2015-1218: Use-after-free in dom. Credit to cloudfuzzer. - CVE-2015-1219: Integer overflow in webgl. Credit to Chen Zhang. - CVE-2015-1220: Use-after-free in gif decoder. Credit to Aki Helin. - CVE-2015-1221: Use-after-free in web databases. Credit to Collin Payne. - CVE-2015-1222: Use-after-free in service workers. Credit to Collin Payne. - CVE-2015-1223: Use-after-free in dom. Credit to Maksymillian Motyl. - CVE-2015-1224: Out-of-bounds read in vpxdecoder. Credit to Aki Helin. - CVE-2015-1225: Out-of-bounds read in pdfium. Credit to cloudfuzzer. - CVE-2015-1226: Validation issue in debugger. Credit to Rob Wu. - CVE-2015-1227: Uninitialized value in blink. Credit to Christoph Diehl. 
- CVE-2015-1228: Uninitialized value in rendering. Credit to miaubiz. - CVE-2015-1229: Cookie injection via proxies. Credit to iliwoy. - CVE-2015-1230: Type confusion in v8. Credit to Skylined. - CVE-2015-1231: Various fixes from internal audits, fuzzing and other initiatives. -- Michael Gilbert Wed, 04 Mar 2015 00:11:46 +0000 chromium-browser (40.0.2214.111-1) unstable; urgency=medium * New upstream stable release: - CVE-2015-1209: Use-after-free in DOM. Credit to Maksymillian Motyl. - CVE-2015-1210: Cross-origin-bypass in V8 bindings. Credit to anonymous. - CVE-2015-1211: Privilege escalation using service workers. Credit to anonymous. - CVE-2015-1212: Various fixes from internal audits, fuzzing and other initiatives. -- Michael Gilbert Fri, 13 Feb 2015 02:32:16 +0000 chromium-browser (40.0.2214.91-1) unstable; urgency=medium * New upstream stable release: - CVE-2014-7923: Memory corruption in ICU. Credit to yangdingning. - CVE-2014-7924: Use-after-free in IndexedDB. Credit to Collin Payne. - CVE-2014-7925: Use-after-free in WebAudio. Credit to mark.buer. - CVE-2014-7926: Memory corruption in ICU. Credit to yangdingning. - CVE-2014-7927: Memory corruption in V8. Credit to Christian Holler. - CVE-2014-7928: Memory corruption in V8. Credit to Christian Holler. - CVE-2014-7929: Use-after-free in DOM. Credit to cloudfuzzer. - CVE-2014-7930: Use-after-free in DOM. Credit to cloudfuzzer. - CVE-2014-7931: Memory corruption in V8. Credit to cloudfuzzer. - CVE-2014-7932: Use-after-free in DOM. Credit to Atte Kettunen. - CVE-2014-7933: Use-after-free in FFmpeg. Credit to aohelin. - CVE-2014-7934: Use-after-free in DOM. Credit to cloudfuzzer. - CVE-2014-7935: Use-after-free in Speech. Credit to Khalil Zhani. - CVE-2014-7936: Use-after-free in Views. Credit to Christoph Diehl. - CVE-2014-7937: Use-after-free in FFmpeg. Credit to Atte Kettunen. - CVE-2014-7938: Memory corruption in Fonts. Credit to Atte Kettunen. - CVE-2014-7939: Same-origin-bypass in V8. 
Credit to Takeshi Terada. - CVE-2014-7940: Uninitialized-value in ICU. Credit to miaubiz. - CVE-2014-7941: Out-of-bounds read in UI. Credit to Atte Kettunen and Christoph Diehl. - CVE-2014-7942: Uninitialized-value in Fonts. Credit to miaubiz. - CVE-2014-7943: Out-of-bounds read in Skia. Credit to Atte Kettunen. - CVE-2014-7944: Out-of-bounds read in PDFium. Credit to cloudfuzzer. - CVE-2014-7945: Out-of-bounds read in PDFium. Credit to cloudfuzzer. - CVE-2014-7946: Out-of-bounds read in Fonts. Credit to miaubiz. - CVE-2014-7947: Out-of-bounds read in PDFium. Credit to fuzztercluck. - CVE-2014-7948: Caching error in AppCache. Credit to jiayaoqijia. - CVE-2015-1205: Various fixes from internal audits, fuzzing and other initiatives. -- Michael Gilbert Thu, 22 Jan 2015 04:42:18 +0000 chromium-browser (39.0.2171.71-2) unstable; urgency=medium * Add missing test to chromium.preinst (closes: #771684). -- Michael Gilbert Tue, 02 Dec 2014 01:30:33 +0000 chromium-browser (39.0.2171.71-1) unstable; urgency=medium * New upstream stable release: - CVE-2014-3566: SSLv3 support is now disabled by default. - CVE-2014-7899: Address bar spoofing. Credit to Eli Grey. - CVE-2014-7900: Use-after-free in pdfium. Credit to Atte Kettunen. - CVE-2014-7901: Integer overflow in pdfium. Credit to cloudfuzzer. - CVE-2014-7902: Use-after-free in pdfium. Credit to cloudfuzzer. - CVE-2014-7903: Buffer overflow in pdfium. Credit to cloudfuzzer. - CVE-2014-7904: Buffer overflow in Skia. Credit to Atte Kettunen. - CVE-2014-7905: Flaw allowing navigation to intents that do not have the BROWSABLE category. Credit to WangTao(neobyte). - CVE-2014-7906: Use-after-free in pepper plugins. Credit to Chen Zhang. - CVE-2014-0574: Double-free in Flash. Credit to biloulehibou. - CVE-2014-7907: Use-after-free in blink. Credit to Chen Zhang. - CVE-2014-7908: Integer overflow in media. Credit to Christoph Diehl. - CVE-2014-7909: Uninitialized memory read in Skia. Credit to miaubiz. 
* Display info about upstream ending support for non-sse2 (closes: #769836). * Remove non-free RFCs from the upstream tarball (closes: #771640). * Include a conf file for Google's API keys (closes: #748867). * Handle dangling chromium icon directory (closes: #766420). * Install icons into the correct path (closes: #767697). -- Michael Gilbert Mon, 01 Dec 2014 01:13:44 +0000 chromium-browser (38.0.2125.101-3) unstable; urgency=medium * Ignore dpkg files in /etc/chromium.d (closes: #765959). * Remove trailing maintscript arguments (closes: #765528). * Use libjpeg-dev instead of libjpeg8-dev (closes: #765821). -- Michael Gilbert Fri, 17 Oct 2014 21:27:05 +0000 chromium-browser (38.0.2125.101-2) unstable; urgency=medium * Disable HiDPI (closes: #764883). * Fix conffile handling (closes: #764769). * Correct icon installation logic (closes: #764828). * Use embedded protobuf code copy (closes: #764911). * Support larger set of html5 video formats again (closes: #764793). -- Michael Gilbert Sun, 12 Oct 2014 21:34:26 +0000 chromium-browser (38.0.2125.101-1) unstable; urgency=medium * New upstream stable release: - CVE-2014-3188: A special thanks to Jüri Aedla for a combination of V8 and IPC bugs that can lead to remote code execution outside of the sandbox. - CVE-2014-3189: Out-of-bounds read in PDFium. Credit to cloudfuzzer. - CVE-2014-3190: Use-after-free in Events. Credit to cloudfuzzer, Chen Zhang. - CVE-2014-3191: Use-after-free in Rendering. Credit to cloudfuzzer. - CVE-2014-3192: Use-after-free in DOM. Credit to cloudfuzzer. - CVE-2014-3193: Type confusion in Session Management. Credit to miaubiz. - CVE-2014-3194: Use-after-free in Web Workers. Credit to Collin Payne. - CVE-2014-3195: Information Leak in V8. Credit to Jüri Aedla. - CVE-2014-3197: Information Leak in XSS Auditor. Credit to Takeshi Terada. - CVE-2014-3198: Out-of-bounds read in PDFium. Credit to Atte Kettunen. - CVE-2014-3199: Release Assert in V8 bindings. Credit to Collin Payne. 
- CVE-2014-3200: Various fixes from internal audits, fuzzing and other initiatives (Chrome 38). - Improved support for HiDPI displays (closes: #763421). * Add libgnome-keyring-dev build dependency (closes: #764548). * Install desktop file and icons again (closes: #764373). * Correctly handle old conffiles (closes: #764180). -- Michael Gilbert Fri, 10 Oct 2014 00:49:02 +0000 chromium-browser (37.0.2062.120-4) unstable; urgency=medium * Merge changes from the experimental branch. * Install chromium menu entry (closes: #752855). * Use /etc/chromium.d for preferences (closes: #762574). -- Michael Gilbert Sun, 28 Sep 2014 17:39:41 +0000 chromium-browser (37.0.2062.120-3) unstable; urgency=medium * Build with clang 3.5. * Enable support for HiDPI displays (closes: #763421). * Document debian-specific command-line options (closes: #755401). -- Michael Gilbert Sun, 28 Sep 2014 17:39:41 +0000 chromium-browser (37.0.2062.120-2) unstable; urgency=medium * Build with clang instead of gcc. * Add libexif-dev build dependency. -- Michael Gilbert Sun, 21 Sep 2014 22:57:11 +0000 chromium-browser (37.0.2062.120-1) unstable; urgency=medium * New upstream stable release (closes: #761090): - CVE-2014-3160: Same-Origin-Policy bypass in SVG. Credit to Christian Schneider. - CVE-2014-3162: Various fixes from internal audits, fuzzing and other initiatives. - CVE-2014-3165: Use-after-free in web sockets. Credit to Collin Payne. - CVE-2014-3166: Information disclosure in SPDY. Credit to Antoine Delignat-Lavaud. - CVE-2014-3167: Various fixes from internal audits, fuzzing and other initiatives. - CVE-2014-3168: Use-after-free in SVG. Credit to cloudfuzzer. - CVE-2014-3169: Use-after-free in DOM. Credit to Andrzej Dyjak. - CVE-2014-3170: Extension permission dialog spoofing. Credit to Rob Wu. - CVE-2014-3171: Use-after-free in bindings. Credit to cloudfuzzer. - CVE-2014-3172: Issue related to extension debugging. Credit to Eli Grey. - CVE-2014-3173: Uninitialized memory read in WebGL. 
Credit to jmuizelaar. - CVE-2014-3174: Uninitialized memory read in Web Audio. Credit to Atte Kettunen from OUSPG. - CVE-2014-3175: Various fixes from internal audits, fuzzing and other initiatives. - CVE-2014-3176: A special reward to lokihardt@asrt for a combination of bugs in V8, IPC, sync, and extensions that can lead to remote code execution outside of the sandbox. - CVE-2014-3177: A special reward to lokihardt@asrt for a combination of bugs in V8, IPC, sync, and extensions that can lead to remote code execution outside of the sandbox. - CVE-2014-3178: Use-after-free in rendering. Credit to miaubiz. - CVE-2014-3179: Various fixes from internal audits, fuzzing and other initiatives. - Fixes segfault in angle with gcc 4.9 (closes: #751652). - Includes an embedded pdf viewer (closes: #667591). * Use pristine upstream that doesn't have pre-built nacl (closes: #753761). * Correct webbrowser spelling in the desktop file (closes: #758143). * Remove leftover conffiles (closes: #751848). * Build using gcc 4.9 (closes: #754182). -- Michael Gilbert Wed, 13 Aug 2014 22:56:16 +0000 chromium-browser (36.0.1985.125-0) experimental; urgency=medium * New upstream beta release. * Remove more files from the upstream tarball. -- Michael Gilbert Wed, 16 Jul 2014 00:49:19 +0000 chromium-browser (36.0.1985.103-1) experimental; urgency=medium * New upstream beta release. * Remove android folders. -- Michael Gilbert Sat, 12 Jul 2014 21:38:26 +0000 chromium-browser (36.0.1985.98-1) experimental; urgency=medium * New upstream beta release. * Remove more files from the upstream tarball. -- Michael Gilbert Sun, 06 Jul 2014 04:05:56 +0000 chromium-browser (36.0.1985.97-1) experimental; urgency=medium * New upstream beta release. * Use system srtp, modpbase64, zlib, and minizip. * Remove srtp files from the upstream tarball (closes: #753826). -- Michael Gilbert Sun, 06 Jul 2014 00:06:57 +0000 chromium-browser (36.0.1985.84-1) experimental; urgency=medium * New upstream beta release. 
* Remove more files from the upstream tarball. -- Michael Gilbert Sat, 21 Jun 2014 23:41:14 +0000 chromium-browser (36.0.1985.67-1) experimental; urgency=medium * New upstream beta release. * More verbose linking output. * Fix unwanted output (closes: #751359). * More robust fix for older processors (closes: #750361). -- Michael Gilbert Wed, 18 Jun 2014 00:18:47 +0000 chromium-browser (36.0.1985.49-1) experimental; urgency=medium * New upstream beta release. * Remove more files from the upstream tarball. -- Michael Gilbert Sun, 08 Jun 2014 01:49:51 +0000 chromium-browser (36.0.1985.36-1) experimental; urgency=medium * Use system libre2. * Remove more files from the upstream tarball. * Don't set sse2 compiler flags on i386 (closes: #750361). -- Michael Gilbert Sat, 07 Jun 2014 22:00:14 +0000 chromium-browser (36.0.1985.35-1) experimental; urgency=medium * Remove more files from the upstream tarball. * Only include TODO.Debian once (closes: #750568). -- Michael Gilbert Thu, 05 Jun 2014 20:21:28 +0000 chromium-browser (36.0.1985.32-1) experimental; urgency=medium * New upstream beta release. * Add icon to menu entry (closes: #703307). * Remove third_party/wtl (closes: #647529). * Update package descriptions (closes: #749673). -- Michael Gilbert Sat, 31 May 2014 19:05:32 +0000 chromium-browser (36.0.1985.18-2) experimental; urgency=medium * Add libexif-dev build dependency. * Add flags to avoid memory exhaustion while linking on i386. -- Michael Gilbert Mon, 26 May 2014 23:43:25 +0000 chromium-browser (36.0.1985.18-1) experimental; urgency=medium * New upstream beta release. * Build with gcc 4.9. * Rebuild the packaging from scratch using the "lite" upstream packages, ninja instead of make, debhelper 9 instead of cdbs, and simplified debian/rules. * Use system versions of icu, png, jpeg, opus, snappy, and jsoncpp. * No longer provide get-current-source rule (closes: #585814). 
* Add a README.debian document with information about chromium-inspector and command-line flags (closes: #629505, #649812). * Add protobuf-compiler, ninja-build, bison, and gperf build dependencies (closes: #748673). -- Michael Gilbert Sun, 25 May 2014 03:39:39 +0000 chromium-browser (35.0.1916.153-2) unstable; urgency=medium * Avoid gcc 4.9 (closes: #751294) -- Michael Gilbert Thu, 12 Jun 2014 01:11:09 +0000 chromium-browser (35.0.1916.153-1) unstable; urgency=high * New upstream stable release: - CVE-2014-3154: Use-after-free in filesystem api. Credit to Collin Payne. - CVE-2014-3155: Out-of-bounds read in SPDY. Credit to James March, Daniel Sommermann and Alan Frindell of Facebook. - CVE-2014-3156: Buffer overflow in clipboard. Credit to Atte Kettunen. - CVE-2014-3157: Heap overflow in media. * Don't set sse2 compiler flags on i386 (closes: #750361). * Prefer libgcrypt11 (closes: #750304). -- Michael Gilbert Wed, 11 Jun 2014 02:31:22 +0000 chromium-browser (35.0.1916.114-2) unstable; urgency=medium * Add flags to avoid memory exhaustion while linking on i386 (closes: #746034). -- Michael Gilbert Tue, 27 May 2014 03:09:00 +0000 chromium-browser (35.0.1916.114-1) unstable; urgency=high * New upstream stable release: - CVE-2014-1743: Use-after-free in styles. Credit to cloudfuzzer. - CVE-2014-1744: Integer overflow in audio. Credit to Aaron Staple. - CVE-2014-1745: Use-after-free in SVG. Credit to Atte Kettunen. - CVE-2014-1746: Out-of-bounds read in media filters. Credit to Holger Fuhrmannek. - CVE-2014-1747: UXSS with local MHTML file. Credit to packagesu. - CVE-2014-1748: UI spoofing with scrollbar. Credit to Jordan Milne. - CVE-2014-1749: Various fixes from internal audits, fuzzing and other initiatives. - CVE-2014-3152: Integer underflow in V8 fixed in version 3.25.28.16. 
-- Michael Gilbert Wed, 21 May 2014 23:15:51 +0000 chromium-browser (34.0.1847.137-1) unstable; urgency=medium * New upstream stable release: - High CVE-2014-1740: Use-after-free in WebSockets. Credit to Collin Payne. - High CVE-2014-1741: Integer overflow in DOM ranges. Credit to John Butler. - High CVE-2014-1742: Use-after-free in editing. Credit to cloudfuzzer. -- Michael Gilbert Sat, 17 May 2014 13:06:30 +0000 chromium-browser (34.0.1847.132-1) unstable; urgency=medium * New upstream stable release: - High CVE-2014-1730: Type confusion in V8. Credit to Anonymous. - High CVE-2014-1731: Type confusion in DOM. Credit to John Butler. - High CVE-2014-1736: Integer overflow in V8. Credit to SkyLined working with HP's Zero Day Initiative - Medium CVE-2014-1732: Use-after-free in Speech Recognition. Credit to Khalil Zhani - Medium CVE-2014-1733: Compiler bug in Seccomp-BPF. Credit to Jed Davis - CVE-2014-1734: Various fixes from internal audits, fuzzing and other initiatives. - CVE-2014-1735: Multiple vulnerabilities in V8 fixed in version 3.24.35.33. * Add libkrb5-dev build-dependency (closes: #745794). * Remove non-free file (closes: #745397). -- Michael Gilbert Sat, 26 Apr 2014 18:03:53 +0000 chromium-browser (34.0.1847.116-2) unstable; urgency=medium * Add libgcrypt build-dependency. -- Michael Gilbert Tue, 15 Apr 2014 00:22:36 +0000 chromium-browser (34.0.1847.116-1) unstable; urgency=high * New upstream stable release: - High CVE-2014-1716: UXSS in V8. Credit to Anonymous. - High CVE-2014-1717: OOB access in V8. Credit to Anonymous. - High CVE-2014-1718: Integer overflow in compositor. Credit to Aaron Staple. - High CVE-2014-1719: Use-after-free in web workers. Credit to Collin Payne. - High CVE-2014-1720: Use-after-free in DOM. Credit to cloudfuzzer. - High CVE-2014-1721: Memory corruption in V8. Credit to Christian Holler. - High CVE-2014-1722: Use-after-free in rendering. Credit to miaubiz. - High CVE-2014-1723: Url confusion with RTL characters. 
Credit to George McBay. - High CVE-2014-1724: Use-after-free in speech. Credit to Atte Kettunen. - Medium CVE-2014-1725: OOB read with window property. Credit to Anonymous. - Medium CVE-2014-1726: Local cross-origin bypass. Credit to Jann Horn. - Medium CVE-2014-1727: Use-after-free in forms. Credit to Khalil Zhani. - CVE-2014-1728: Various fixes from internal audits, fuzzing and other initiatives. - CVE-2014-1729: Multiple vulnerabilities in V8 fixed in version 3.24.35.22. * Remove sourceless javascript files (closes: #735355). * Remove sourceless swf files (closes: #735344). -- Michael Gilbert Fri, 11 Apr 2014 01:42:04 +0000 chromium-browser (33.0.1750.152-1) unstable; urgency=high * [641361a] Disable new GN stuff * [43cea90] Refreshed patches * New stable release: - High CVE-2014-1713: Use-after-free in Blink bindings - High CVE-2014-1705: Memory corruption in V8 - High CVE-2014-1715: Directory traversal issue - High CVE-2014-1700: Use-after-free in speech. Credit to Chamal de Silva. - High CVE-2014-1701: UXSS in events. Credit to aidanhs. - High CVE-2014-1702: Use-after-free in web database. Credit to Collin Payne. - High CVE-2014-1703: Potential sandbox escape due to a use-after-free in web sockets. - CVE-2014-1704: Multiple vulnerabilities in V8 fixed in version 3.23.17.18 - High CVE-2013-6663: Use-after-free in svg images. Credit to Atte Kettunen of OUSPG. - High CVE-2013-6664: Use-after-free in speech recognition. Credit to Khalil Zhani. - High CVE-2013-6665: Heap buffer overflow in software rendering. Credit to cloudfuzzer. - Medium CVE-2013-6666: Chrome allows requests in flash header request. Credit to netfuzzerr. - CVE-2013-6667: Various fixes from internal audits, fuzzing and other initiatives. - CVE-2013-6668: Multiple vulnerabilities in V8 fixed in version 3.24.35.10 - High CVE-2013-6653: Use-after-free related to web contents. Credit to Khalil Zhani. - High CVE-2013-6654: Bad cast in SVG. Credit to TheShow3511. 
- High CVE-2013-6655: Use-after-free in layout. Credit to cloudfuzzer. - High CVE-2013-6656: Information leak in XSS auditor. Credit to NeexEmil. - Medium CVE-2013-6657: Information leak in XSS auditor. Credit to NeexEmil - Medium CVE-2013-6658: Use-after-free in layout. Credit to cloudfuzzer. - Medium CVE-2013-6659: Issue with certificates validation in TLS handshake. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco, Inria Paris. - Low CVE-2013-6660: Information leak in drag and drop. Credit to bishopjeffreys. - Low-High CVE-2013-6661: Various fixes from internal audits, fuzzing and other initiatives. Of these, seven are fixes for issues that could have allowed for sandbox escapes from compromised renderers. -- Giuseppe Iuculano Fri, 21 Mar 2014 17:20:44 +0100 chromium-browser (32.0.1700.123-4) unstable; urgency=medium * Remove polymer.js.min. -- Michael Gilbert Sun, 09 Mar 2014 22:30:14 +0000 chromium-browser (32.0.1700.123-3) unstable; urgency=medium * Remove a lot of sourceless files. * Suggest mozplugger (closes: #626400). * Use file's -E option (closes: #740476). * Capitalize Chromium in descriptions (closes: #632928, #715802). -- Michael Gilbert Sun, 16 Feb 2014 18:50:06 +0000 chromium-browser (32.0.1700.123-2) unstable; urgency=medium * Build with system libjs-jquery-flot. * Build chromedriver (closes: #725130). - Thanks to Vincent Bernat and Adrian Lang. -- Michael Gilbert Sun, 16 Feb 2014 02:32:18 +0000 chromium-browser (32.0.1700.123-1) unstable; urgency=medium * [a7cf72b] Refreshed Patches * [0da7fc2] Added libdrm-dev and libcap-dev in build-deps * New stable release: - High CVE-2013-6649: Use-after-free in SVG images. Credit to Atte Kettunen of OUSPG. - High CVE-2013-6650: Memory corruption in V8. This issue was fixed in v8 version 3.22.24.16. Credit to Christian Holler. - High CVE-2013-6646: Use-after-free in web workers. Credit to Collin Payne. - High CVE-2013-6641: Use-after-free related to forms. 
Credit to Atte Kettunen of OUSPG. - High CVE-2013-6643: Unprompted sync with an attacker’s Google account. Credit to Joao Lucas Melo Brasio. - CVE-2013-6645: Use-after-free related to speech input elements. Credit to Khalil Zhani. - CVE-2013-6644: Various fixes from internal audits, fuzzing and other initiatives. -- Giuseppe Iuculano Thu, 13 Feb 2014 19:36:17 +0100 chromium-browser (31.0.1650.63-1) unstable; urgency=medium * New upstream stable release: - Medium CVE-2013-6634: Session fixation in sync related to 302 redirects. Credit to Andrey Labunets. - High CVE-2013-6635: Use-after-free in editing. Credit to cloudfuzzer. - Medium CVE-2013-6636: Address bar spoofing related to modal dialogs. Credit to Bas Venis. - CVE-2013-6637: Various fixes from internal audits, fuzzing and other initiatives. - Medium CVE-2013-6638: Buffer overflow in v8. This issue was fixed in v8 version 3.22.24.7. Credit to Jakob Kummerow of the Chromium project. - High CVE-2013-6639: Out of bounds write in v8. This issue was fixed in v8 version 3.22.24.7. Credit to Jakob Kummerow of the Chromium project. - Medium CVE-2013-6640: Out of bounds read in v8. This issue was fixed in v8 version 3.22.24.7. Credit to Jakob Kummerow of the Chromium project. -- Michael Gilbert Thu, 05 Dec 2013 14:05:22 +0000 chromium-browser (31.0.1650.57-1) unstable; urgency=medium * New upstream stable release: - Medium-Critical CVE-2013-2931: Various fixes from internal audits, fuzzing and other initiatives. - Medium CVE-2013-6621: Use after free related to speech input elements. Credit to Khalil Zhani. - High CVE-2013-6622: Use after free related to media elements. Credit to cloudfuzzer. - High CVE-2013-6623: Out of bounds read in SVG. Credit to miaubiz. - High CVE-2013-6624: Use after free related to “id” attribute strings. Credit to Jon Butler. - High CVE-2013-6625: Use after free in DOM ranges. Credit to cloudfuzzer. - Low CVE-2013-6626: Address bar spoofing related to interstitial warnings.
Credit to Chamal de Silva. - High CVE-2013-6627: Out of bounds read in HTTP parsing. Credit to skylined. - Medium CVE-2013-6628: Issue with certificates not being checked during TLS renegotiation. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco of INRIA Paris. - Medium CVE-2013-6629: Read of uninitialized memory in libjpeg and libjpeg-turbo. Credit to Michal Zalewski of Google. - Medium CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo. Credit to Michal Zalewski of Google. - High CVE-2013-6631: Use after free in libjingle. Credit to Patrik Höglund of the Chromium project. - Critical CVE-2013-6632: Multiple memory corruption issues. Credit to Pinkie Pie. * Disable promos by default (closes: #634101). * Set WANT_TESTS=0 if WANT_TESTS=1 fails (closes: #589654). * Maintain window ordering when new tabs are opened (closes: #725350). * Install chromium-inspector files to /usr/share instead of /usr/lib. * Don't remove third party libraries from the upstream tarball. * Remove non-default compression selections from debian/rules. * Build with breakpad crash reporting. * Fix some lintian warnings. -- Michael Gilbert Wed, 13 Nov 2013 07:44:55 +0000 chromium-browser (30.0.1599.101-3) unstable; urgency=medium * Fix sandbox installation path (closes: #728823). -- Michael Gilbert Thu, 07 Nov 2013 04:24:55 +0000 chromium-browser (30.0.1599.101-2) unstable; urgency=medium * Use system zlib. * Remove arm patches. * Update lintian overrides. * Remove an unsafe symlink. * Remove icu build dependency. * Support postscript printing (closes: #717722). * Use fonts-ipafont instead of ttf-kochi (closes: #725800). -- Michael Gilbert Sat, 02 Nov 2013 21:25:50 +0000 chromium-browser (30.0.1599.101-1) unstable; urgency=low [ Giuseppe Iuculano ] * New stable release: - High CVE-2013-2925: Use after free in XHR. Credit to Atte Kettunen of OUSPG. - High CVE-2013-2926: Use after free in editing. Credit to cloudfuzzer.
- High CVE-2013-2927: Use after free in forms. Credit to cloudfuzzer. - CVE-2013-2928: Various fixes from internal audits, fuzzing and other initiatives. - Medium CVE-2013-2906: Races in Web Audio. Credit to Atte Kettunen of OUSPG. - Medium CVE-2013-2907: Out of bounds read in Window.prototype object. Credit to Boris Zbarsky. - Medium CVE-2013-2908: Address bar spoofing related to the "204 No Content" status code. Credit to Chamal de Silva. - High CVE-2013-2909: Use after free in inline-block rendering. Credit to Atte Kettunen of OUSPG. - Medium CVE-2013-2910: Use-after-free in Web Audio. Credit to Byoungyoung Lee of Georgia Tech Information Security Center (GTISC). - High CVE-2013-2911: Use-after-free in XSLT. Credit to Atte Kettunen of OUSPG. - High CVE-2013-2912: Use-after-free in PPAPI. Credit to Chamal de Silva and 41.w4r10r(at)garage4hackers.com. - High CVE-2013-2913: Use-after-free in XML document parsing. Credit to cloudfuzzer. - High CVE-2013-2914: Use after free in the Windows color chooser dialog. Credit to Khalil Zhani. - Low CVE-2013-2915: Address bar spoofing via a malformed scheme. Credit to Wander Groeneveld. - High CVE-2013-2916: Address bar spoofing related to the "204 No Content" status code. Credit to Masato Kinugawa. - Medium CVE-2013-2917: Out of bounds read in Web Audio. Credit to Byoungyoung Lee and Tielei Wang of Georgia Tech Information Security Center (GTISC). - High CVE-2013-2918: Use-after-free in DOM. Credit to Byoungyoung Lee of Georgia Tech Information Security Center (GTISC). - High CVE-2013-2919: Memory corruption in V8. Credit to Adam Haile of Concrete Data. - Medium CVE-2013-2920: Out of bounds read in URL parsing. Credit to Atte Kettunen of OUSPG. - High CVE-2013-2921: Use-after-free in resource loader. Credit to Byoungyoung Lee and Tielei Wang of Georgia Tech Information Security Center (GTISC). - High CVE-2013-2922: Use-after-free in template element. Credit to Jon Butler.
- CVE-2013-2923: Various fixes from internal audits, fuzzing and other initiatives (Chrome 30). - Medium CVE-2013-2924: Use-after-free in ICU. Upstream bug here. * [6651f1c] Added chrpath to build-depends * [3c88b20] Refreshed Patches for version 30 * [743a0a6] Make default of third-party cookies the most secure for users. Thanks to Chad Miller * [9507f07] Do not install remoting_locales/en-US.pak * [64b895b] Move chrome_sandbox to chrome-sandbox, chromium reads that file [ Shawn Landden ] * [6d027f1] rules: dpkg compresses .deb files with xz by default now [ Michael Gilbert ] * [18341ce] add some TODO tasks -- Giuseppe Iuculano Mon, 21 Oct 2013 13:06:14 +0200 chromium-browser (29.0.1547.57-3) unstable; urgency=medium * Drop transitional packages (closes: #684369). * Fix another copyright file syntax error. * Remove libav build dependencies. * Fix lintian override syntax. * Fix version control URL. * Use system vpx. -- Michael Gilbert Tue, 27 Aug 2013 01:01:35 +0000 chromium-browser (29.0.1547.57-2) unstable; urgency=medium * Mark chromium-inspector as multi-arch: foreign (closes: #695229). * Use system libpng (closes: #699918). * Fix copyright file syntax error. * Drop implicit g++ dependency. * Add some lintian overrides. * Update my email address. * Remove unsafe symlink. -- Michael Gilbert Sun, 25 Aug 2013 02:15:35 +0000 chromium-browser (29.0.1547.57-1) unstable; urgency=medium [ Michael Gilbert ] * New upstream stable release: - High CVE-2013-2900: Incomplete path sanitization in file handling. Credit to Krystian Bigaj. - Low CVE-2013-2905: Information leak via overly broad permissions on shared memory files. Credit to Christian Jaeger. - High CVE-2013-2901: Integer overflow in ANGLE. Credit to Alex Chapman. - High CVE-2013-2902: Use after free in XSLT. Credit to cloudfuzzer. - High CVE-2013-2903: Use after free in media element. Credit to cloudfuzzer. - High CVE-2013-2904: Use after free in document parsing. Credit to cloudfuzzer. 
- CVE-2013-2887: Various fixes from internal audits, fuzzing and other initiatives (Chrome 29). * Remove unused webkit layout tests (closes: #720446). * Use source package name for get-orig-source rule. * Remove gfdl documentation (closes: #708860). * Build-depend on git. [ Shawn Landden ] * New standards version. * Use canonical VCS url. * Always use system includes rather than ones of a chroot. -- Michael Gilbert Sat, 24 Aug 2013 20:14:52 +0000 chromium-browser (28.0.1500.95-3) unstable; urgency=medium * Fix placement of -fuse-ld=gold in ldflags. -- Michael Gilbert Thu, 01 Aug 2013 16:38:05 +0000 chromium-browser (28.0.1500.95-2) unstable; urgency=medium * Use -fuse-ld=gold instead of binutils-gold. * Drop libv8-dev build-dependency. -- Michael Gilbert Wed, 31 Jul 2013 20:22:33 +0000 chromium-browser (28.0.1500.95-1) unstable; urgency=medium * New upstream stable release: - Medium CVE-2013-2881: Origin bypass in frame handling. Credit to Karthik Bhargavan. - High CVE-2013-2882: Type confusion in V8. Credit to Cloudfuzzer. - High CVE-2013-2883: Use-after-free in MutationObserver. Credit to Cloudfuzzer. - High CVE-2013-2884: Use-after-free in DOM. Credit to Ivan Fratric of Google Security Team. - High CVE-2013-2885: Use-after-free in input handling. Credit to Ivan Fratric of Google Security Team. - High CVE-2013-2886: Various fixes from internal audits, fuzzing and other initiatives. -- Michael Gilbert Tue, 30 Jul 2013 20:34:19 +0000 chromium-browser (28.0.1500.71-2) unstable; urgency=medium * Disable armhf. * Remove outdated patches. * Eliminate special handling for old compiler versions. -- Michael Gilbert Mon, 15 Jul 2013 18:40:47 +0000 chromium-browser (28.0.1500.71-1) unstable; urgency=medium [ Michael Gilbert ] * New upstream stable release: - Low CVE-2013-2867: Block pop-unders in various scenarios. - High CVE-2013-2879: Confusion setting up sign-in and sync. Credit to Andrey Labunets. - Medium CVE-2013-2868: Incorrect sync of NPAPI extension component.
Credit to Andrey Labunets. - Medium CVE-2013-2869: Out-of-bounds read in JPEG2000 handling. Credit to Felix Groebert of Google Security Team. - Critical CVE-2013-2870: Use-after-free with network sockets. Credit to Collin Payne. - Medium CVE-2013-2853: Man-in-the-middle attack against HTTP in SSL. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco at INRIA Paris. - High CVE-2013-2871: Use-after-free in input handling. Credit to miaubiz. - High CVE-2013-2873: Use-after-free in resource loading. Credit to miaubiz. - Medium CVE-2013-2875: Out-of-bounds-read in SVG. Credit to miaubiz. - Medium CVE-2013-2876: Extensions permissions confusion with interstitials. Credit to Dev Akhawe. - Low CVE-2013-2877: Out-of-bounds read in XML parsing. Credit to Aki Helin of OUSPG. - None: Remove the “viewsource” attribute on iframes. Credit to Collin Jackson. - Medium CVE-2013-2878: Out-of-bounds read in text handling. Credit to Atte Kettunen of OUSPG. - High CVE-2013-2880: Various fixes from internal audits, fuzzing and other initiatives. Credit to Chrome 28 team. * Install mksnapshot. [ Shawn Landden ] * Enable armhf. * Build with system libwebp when version >= 0.3.0. -- Michael Gilbert Fri, 12 Jul 2013 15:19:18 +0000 chromium-browser (27.0.1453.110-2) unstable; urgency=low [ Michael Gilbert ] * Use default gcc. * Enable verbose build. * Support gcc 4.8 (closes: #701256). * Disable pie hardening flag due to ffmpeg linking issue. [ Giuseppe Iuculano ] * Remove hardening-wrapper and switch to dpkg-buildflags. -- Michael Gilbert Sun, 07 Jul 2013 20:06:05 +0000 chromium-browser (27.0.1453.110-1) unstable; urgency=low * New stable release: - Medium CVE-2013-2855: Memory corruption in dev tools API. Credit to "daniel.zulla". - High CVE-2013-2856: Use-after-free in input handling. Credit to miaubiz. - High CVE-2013-2857: Use-after-free in image handling. Credit to miaubiz. - High CVE-2013-2858: Use-after-free in HTML5 Audio. Credit to "cdel921". 
- High CVE-2013-2859: Cross-origin namespace pollution. Credit to "bobbyholley". - High CVE-2013-2860: Use-after-free with workers accessing database APIs. Credit to Collin Payne. - High CVE-2013-2861: Use-after-free with SVG. Credit to miaubiz. - High CVE-2013-2862: Memory corruption in Skia GPU handling. Credit to Atte Kettunen of OUSPG. - Critical CVE-2013-2863: Memory corruption in SSL socket handling. Credit to Sebastien Marchand of the Chromium development community. - High CVE-2013-2864: Bad free in PDF viewer. Credit to Mateusz Jurczyk, with contributions by Gynvael Coldwind, both from Google Security Team. - High CVE-2013-2865: Various fixes from internal audits, fuzzing and other initiatives. -- Giuseppe Iuculano Wed, 05 Jun 2013 17:00:28 +0200 chromium-browser (27.0.1453.93-1) unstable; urgency=low * New stable release: - High CVE-2013-2837: Use-after-free in SVG. Credit to Sławomir Błażek. - Medium CVE-2013-2838: Out-of-bounds read in v8. Credit to Christian Holler. - High CVE-2013-2839: Bad cast in clipboard handling. Credit to Jon of MWR InfoSecurity. - High CVE-2013-2840: Use-after-free in media loader. Credit to Nils of MWR InfoSecurity. - High CVE-2013-2841: Use-after-free in Pepper resource handling. Credit to Chamal de Silva. - High CVE-2013-2842: Use-after-free in widget handling. Credit to Cyril Cattiaux. - High CVE-2013-2843: Use-after-free in speech handling. Credit to Khalil Zhani. - High CVE-2013-2844: Use-after-free in style resolution. Credit to Sachin Shinde (@cons0ul). - High CVE-2013-2845: Memory safety issues in Web Audio. Credit to Atte Kettunen of OUSPG. - High CVE-2013-2846: Use-after-free in media loader. Credit to Chamal de Silva. - High CVE-2013-2847: Use-after-free race condition with workers. Credit to Collin Payne. - Medium CVE-2013-2848: Possible data extraction with XSS Auditor. Credit to Egor Homakov. - Low CVE-2013-2849: Possible XSS with drag+drop or copy+paste. Credit to Mario Heiderich. 
-- Michael Gilbert Wed, 22 May 2013 03:03:49 +0000 chromium-browser (26.0.1410.43-1) unstable; urgency=medium * New stable release: - High CVE-2013-0916: Use-after-free in Web Audio. Credit to Atte Kettunen of OUSPG. - Low CVE-2013-0917: Out-of-bounds read in URL loader. Credit to Google Chrome Security Team (Cris Neckar). - Low CVE-2013-0918: Do not navigate dev tools upon drag and drop. Credit to Vsevolod Vlasov of the Chromium development community. - Medium CVE-2013-0919: Use-after-free with pop-up windows in extensions. Credit to Google Chrome Security Team (Mustafa Emre Acer). - Medium CVE-2013-0920: Use-after-free in extension bookmarks API. Credit to Google Chrome Security Team (Mustafa Emre Acer). - High CVE-2013-0921: Ensure isolated web sites run in their own processes. - Low CVE-2013-0922: Avoid HTTP basic auth brute force attempts. Credit to “t3553r”. - Medium CVE-2013-0923: Memory safety issues in the USB Apps API. Credit to Google Chrome Security Team (Mustafa Emre Acer). - Low CVE-2013-0924: Check an extension’s permissions API usage against file permissions. Credit to Benjamin Kalman of the Chromium development community. - Low CVE-2013-0925: Avoid leaking URLs to extensions without the tabs permissions. Credit to Michael Vrable of Google. - Medium CVE-2013-0926: Avoid pasting active tags in certain situations. Credit to Subho Halder, Aditya Gupta, and Dev Kar of xys3c. * Use embedded libvpx for vp9 support, which chromium now requires. * Add libspeechd-dev build-dependency. * Disable breakpad crash reporting. -- Michael Gilbert Sat, 30 Mar 2013 14:44:33 +0000 chromium-browser (25.0.1364.160-1) unstable; urgency=high * New stable security release: - High CVE-2013-0912: Type confusion in WebKit. Credit to Nils and Jon of MWR Labs. -- Michael Gilbert Fri, 08 Mar 2013 03:46:20 +0000 chromium-browser (25.0.1364.152-1) unstable; urgency=high * [8761d73] Remove armel and armhf. 
We cannot support them in wheezy * New stable security release: - High CVE-2013-0902: Use-after-free in frame loader. Credit to Chamal de Silva. - High CVE-2013-0903: Use-after-free in browser navigation handling. Credit to "chromium.khalil". - High CVE-2013-0904: Memory corruption in Web Audio. Credit to Atte Kettunen of OUSPG. - High CVE-2013-0905: Use-after-free with SVG animations. Credit to Atte Kettunen of OUSPG. - High CVE-2013-0906: Memory corruption in Indexed DB. Credit to Google Chrome Security Team (Jüri Aedla). - Medium CVE-2013-0907: Race condition in media thread handling. Credit to Andrew Scherkus of the Chromium development community. - Medium CVE-2013-0908: Incorrect handling of bindings for extension processes. - Low CVE-2013-0909: Referer leakage with XSS Auditor. Credit to Egor Homakov. - Medium CVE-2013-0910: Mediate renderer -> browser plug-in loads more strictly. Credit to Google Chrome Security Team (Chris Evans). - High CVE-2013-0911: Possible path traversal in database handling. Credit to Google Chrome Security Team (Jüri Aedla). -- Giuseppe Iuculano Tue, 05 Mar 2013 11:14:34 +0100 chromium-browser (25.0.1364.97-1) unstable; urgency=low * New stable release: - High CVE-2013-0879: Memory corruption with web audio node. Credit to Atte Kettunen of OUSPG. - High CVE-2013-0880: Use-after-free in database handling. Credit to Chamal de Silva. - Medium CVE-2013-0881: Bad read in Matroska handling. Credit to Atte Kettunen of OUSPG. - High CVE-2013-0882: Bad memory access with excessive SVG parameters. Credit to Renata Hodovan. - Medium CVE-2013-0883: Bad read in Skia. Credit to Atte Kettunen of OUSPG. - Low CVE-2013-0884: Inappropriate load of NaCl. Credit to Google Chrome Security Team (Chris Evans). - Medium CVE-2013-0885: Too many API permissions granted to web store. - Low CVE-2013-0887: Developer tools process has too many permissions and places too much trust in the connected server. - Medium CVE-2013-0888: Out-of-bounds read in Skia. 
Credit to Google Chrome Security Team (Inferno). - Low CVE-2013-0889: Tighten user gesture check for dangerous file downloads. - High CVE-2013-0890: Memory safety issues across the IPC layer. Credit to Google Chrome Security Team (Chris Evans). - High CVE-2013-0891: Integer overflow in blob handling. Credit to Google Chrome Security Team (Jüri Aedla). - Medium CVE-2013-0892: Lower severity issues across the IPC layer. Credit to Google Chrome Security Team (Chris Evans). - Medium CVE-2013-0893: Race condition in media handling. Credit to Andrew Scherkus of the Chromium development community. - High CVE-2013-0894: Buffer overflow in vorbis decoding. Credit to Google Chrome Security Team (Inferno). - High CVE-2013-0895: Incorrect path handling in file copying. Credit to Google Chrome Security Team (Jüri Aedla). - High CVE-2013-0896: Memory management issues in plug-in message handling. Credit to Google Chrome Security Team (Cris Neckar). - High CVE-2013-0898: Use-after-free in URL handling. Credit to Alexander Potapenko of the Chromium development community. - Low CVE-2013-0899: Integer overflow in Opus handling. Credit to Google Chrome Security Team (Jüri Aedla). - Medium CVE-2013-0900: Race condition in ICU. Credit to Google Chrome Security Team (Inferno). * [a5f15ae] Added libpci-dev to B-depends * [ace2b7a] Refreshed patches * [32c84fa] Install remoting_locales * [f868804] Do not enable NEON on ARM, thanks Ubuntu. * [d1a3e36] Ignore stamp files in missing checks -- Giuseppe Iuculano Sat, 23 Feb 2013 11:45:07 +0100 chromium-browser (24.0.1312.68-1) unstable; urgency=high * New stable release: - High CVE-2013-0839: Use-after-free in canvas font handling. Credit to Atte Kettunen of OUSPG. - Medium CVE-2013-0840: Missing URL validation when opening new windows. - High CVE-2013-0841: Unchecked array index in content blocking. Credit to Google Chrome Security Team (Chris Evans). - Medium CVE-2013-0842: Problems with NULL characters embedded in paths. 
Credit to Google Chrome Security Team (Jüri Aedla). - High CVE-2012-5145: Use-after-free in SVG layout. Credit to Atte Kettunen of OUSPG. - High CVE-2012-5146: Same origin policy bypass with malformed URL. Credit to Erling A Ellingsen and Subodh Iyengar, both of Facebook. - High CVE-2012-5147: Use-after-free in DOM handling. Credit to José A. Vázquez. - Medium CVE-2012-5148: Missing filename sanitization in hyphenation support. Credit to Google Chrome Security Team (Justin Schuh). - High CVE-2012-5149: Integer overflow in audio IPC handling. Credit to Google Chrome Security Team (Chris Evans). - High CVE-2012-5150: Use-after-free when seeking video. Credit to Google Chrome Security Team (Inferno). - High CVE-2012-5151: Integer overflow in PDF JavaScript. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team. - Medium CVE-2012-5152: Out-of-bounds read when seeking video. Credit to Google Chrome Security Team (Inferno). - High CVE-2012-5153: Out-of-bounds stack access in v8. Credit to Andreas Rossberg of the Chromium development community. - High CVE-2013-0829: Corruption of database metadata leading to incorrect file access. Credit to Google Chrome Security Team (Jüri Aedla). - Low CVE-2013-0831: Possible path traversal from extension process. Credit to Google Chrome Security Team (Tom Sepez). - [160380] Medium CVE-2013-0832: Use-after-free with printing. Credit to Google Chrome Security Team (Cris Neckar). - Medium CVE-2013-0833: Out-of-bounds read with printing. Credit to Google Chrome Security Team (Cris Neckar). - Medium CVE-2013-0834: Out-of-bounds read with glyph handling. Credit to Google Chrome Security Team (Cris Neckar). - Low CVE-2013-0835: Browser crash with geolocation. Credit to Arthur Gerkis. - High CVE-2013-0836: Crash in v8 garbage collection. Credit to Google Chrome Security Team (Cris Neckar). - Medium CVE-2013-0837: Crash in extension tab handling. Credit to Tom Nielsen. 
- Low CVE-2013-0838: Tighten permissions on shared memory segments. Credit to Google Chrome Security Team (Chris Palmer). - High CVE-2012-5139: Use-after-free with visibility events. Credit to Chamal de Silva. - High CVE-2012-5140: Use-after-free in URL loader. Credit to Chamal de Silva. - Medium CVE-2012-5141: Limit Chromoting client plug-in instantiation. Credit to Google Chrome Security Team (Jüri Aedla). - Critical CVE-2012-5142: Crash in history navigation. Credit to Michal Zalewski of Google Security Team. - Medium CVE-2012-5143: Integer overflow in PPAPI image buffers. Credit to Google Chrome Security Team (Cris Neckar). - High CVE-2012-5144: Stack corruption in AAC decoding. Credit to pawlkt. - High CVE-2012-5138: Incorrect file path handling. Credit to Google Chrome Security Team (Jüri Aedla). - High CVE-2012-5137: Use-after-free in media source handling. Credit to Pinkie Pie. - High CVE-2012-5133: Use-after-free in SVG filters. Credit to miaubiz. - Medium CVE-2012-5130: Out-of-bounds read in Skia. Credit to Atte Kettunen of OUSPG. - Low CVE-2012-5132: Browser crash with chunked encoding. Credit to Attila Szász. - High CVE-2012-5134: Buffer underflow in libxml. Credit to Google Chrome Security Team (Jüri Aedla). - Medium CVE-2012-5135: Use-after-free with printing. Credit to Fermin Serna of Google Security Team. - Medium CVE-2012-5136: Bad cast in input element handling. Credit to Google Chrome Security Team (Inferno). - Medium CVE-2012-5127: Integer overflow leading to out-of-bounds read in WebP handling. Credit to Phil Turnbull. - [Linux 64-bit only] Medium CVE-2012-5120: Out-of-bounds array access in v8. Credit to Atte Kettunen of OUSPG. - High CVE-2012-5116: Use-after-free in SVG filter handling. Credit to miaubiz. - High CVE-2012-5121: Use-after-free in video layout. Credit to Atte Kettunen of OUSPG. - Low CVE-2012-5117: Inappropriate load of SVG subresource in img context. Credit to Felix Gröbert of the Google Security Team. 
- Medium CVE-2012-5119: Race condition in Pepper buffer handling. Credit to Fermin Serna of the Google Security Team. - Medium CVE-2012-5122: Bad cast in input handling. Credit to Google Chrome Security Team (Inferno). - Medium CVE-2012-5123: Out-of-bounds reads in Skia. Credit to Google Chrome Security Team (Inferno). - High CVE-2012-5124: Memory corruption in texture handling. Credit to Al Patrick of the Chromium development community. - Medium CVE-2012-5125: Use-after-free in extension tab handling. Credit to Alexander Potapenko of the Chromium development community. - Medium CVE-2012-5126: Use-after-free in plug-in placeholder handling. Credit to Google Chrome Security Team (Inferno). - High CVE-2012-5128: Bad write in v8. Credit to Google Chrome Security Team (Cris Neckar). * [574d76c] Override the lintian flag: embedded-library usr/lib/chromium/libffmpegsumo.so: libavcodec * [3105012] Updated changelog * [ac9c032] Use explicit library dependencies instead of dlopen * [1ad217c] Fixed CHANNELS_URL * [7c2d359] Drop SCM revision from the version * [ca31c0c] Install all chromium libs * [167aea7] Use internal copy of libpng. This is necessary because with system libpng render process is consuming 100% CPU (see http://code.google.com/p/chromium/issues/detail?id=174603) * [8742d82] debian/patches/pulse_ftbfs.patch: Fix FTBFS * [9e76ec7] Refreshed patches * [1c6f4c3] Use Debian api key * [cdf5c74] Refreshed patches * [ad9480c] Remove useless embedded copy of documentation from source containing non DFSG-compliant material: - src/native_client/toolchain/linux_x86/info - src/native_client/toolchain/linux_x86/man - src/native_client/toolchain/linux_x86/share/info - src/native_client/toolchain/linux_x86/x86_64-nacl/share/info - src/native_client/toolchain/linux_x86_newlib/info - src/native_client/toolchain/linux_x86_newlib/man - src/native_client/toolchain/linux_x86_newlib/share/info (Closes: #695703) * [31ea388] Fixed Homepage field. 
Thanks to Dmitry Shachnev (Closes: #686561) * [d509e07] Override the lintian flag: embedded-library usr/lib/chromium/chromium: libpng -- Giuseppe Iuculano Wed, 06 Feb 2013 15:34:17 +0100 chromium-browser (22.0.1229.94~r161065-3) unstable; urgency=medium * Use system vpx library again (resolves armel build failures). -- Michael Gilbert Sun, 28 Oct 2012 00:55:58 -0400 chromium-browser (22.0.1229.94~r161065-2) unstable; urgency=medium * [574d76c] Override the lintian flag: embedded-library usr/lib/chromium/libffmpegsumo.so: libavcodec -- Giuseppe Iuculano Tue, 23 Oct 2012 17:51:56 +0200 chromium-browser (22.0.1229.94~r161065-1) unstable; urgency=medium * New stable release: - High CVE-2012-2889: UXSS in frame handling. Credit to Sergey Glazunov. - High CVE-2012-2886: UXSS in v8 bindings. Credit to Sergey Glazunov. - High CVE-2012-2881: DOM tree corruption with plug-ins. Credit to Chamal de Silva. - High CVE-2012-2876: Buffer overflow in SSE2 optimizations. Credit to Atte Kettunen of OUSPG. - High CVE-2012-2883: Out-of-bounds write in Skia. Credit to Atte Kettunen of OUSPG. - High CVE-2012-2887: Use-after-free in onclick handling. Credit to Atte Kettunen of OUSPG. - High CVE-2012-2888: Use-after-free in SVG text references. Credit to miaubiz. - High CVE-2012-2894: Crash in graphics context handling. Credit to Sławomir Błażek. - Medium CVE-2012-2877: Browser crash with extensions and modal dialogs. Credit to Nir Moshe. - Low CVE-2012-2879: DOM topology corruption. Credit to pawlkt. - Medium CVE-2012-2884: Out-of-bounds read in Skia. Credit to Atte Kettunen of OUSPG. - High CVE-2012-2874: Out-of-bounds write in Skia. Credit to Google Chrome Security Team (Inferno). - High CVE-2012-2878: Use-after-free in plug-in handling. Credit to Fermin Serna of Google Security Team. - Medium CVE-2012-2880: Race condition in plug-in paint buffer. Credit to Google Chrome Security Team (Cris Neckar). - High CVE-2012-2882: Wild pointer in OGG container handling. 
Credit to Google Chrome Security Team (Inferno). - Medium CVE-2012-2885: Possible double free on exit. Credit to the Chromium development community. - Low CVE-2012-2891: Address leak over IPC. Credit to Lei Zhang of the Chromium development community. - Low CVE-2012-2892: Pop-up block bypass. Credit to Google Chrome Security Team (Cris Neckar). - High CVE-2012-2893: Double free in XSL transforms. Credit to Google Chrome Security Team (Cris Neckar). - High CVE-2012-2900: Crash in Skia text rendering. Credit to Atte Kettunen of OUSPG. - Critical CVE-2012-5108: Race condition in audio device handling. Credit to Atte Kettunen of OUSPG. - Medium CVE-2012-5109: OOB read in ICU regex. Credit to Arthur Gerkis. - Medium CVE-2012-5110: Out-of-bounds read in compositor. Credit to Google Chrome Security Team (Inferno). - Low CVE-2012-5111: Plug-in crash monitoring was missing for Pepper plug-ins. Credit to Google Chrome Security Team (Chris Evans). - Critical CVE-2012-5112: SVG use-after-free and IPC arbitrary file write. Credit to Pinkie Pie. * [3de18b6] Use zlib internal copy. This is necessary due to the CRIME work around. We can use the system zlib when chrome will remove SPDY 2/3 support. * [3b9811a] Updated patches * [152902d] Install libvpx_obj_int_extract -- Giuseppe Iuculano Mon, 01 Oct 2012 15:22:27 +0200 chromium-browser (21.0.1180.89~r154005-1) unstable; urgency=high * New stable security release: - Medium CVE-2012-2865: Out-of-bounds read in line breaking. Credit to miaubiz. - High CVE-2012-2866: Bad cast with run-ins. Credit to miaubiz. - Low CVE-2012-2867: Browser crash with SPDY. - Medium CVE-2012-2868: Race condition with workers and XHR. Credit to miaubiz. - High CVE-2012-2869: Avoid stale buffer in URL loading. Credit to Fermin Serna of the Google Security Team. - Low CVE-2012-2870: Lower severity memory management issues in XPath. Credit to Nicolas Gregoire. - High CVE-2012-2871: Bad cast in XSL transforms. Credit to Nicolas Gregoire. 
- Medium CVE-2012-2872: XSS in SSL interstitial. Credit to Emmanuel Bronshtein. -- Giuseppe Iuculano Fri, 31 Aug 2012 11:24:58 +0200 chromium-browser (21.0.1180.75~r150248-1) unstable; urgency=medium [ Shawn Landden ] * [b7c6ba3] update changelog to record changes in last upload * [3c6a149] master_prefs: don't go straight to internet, don't prompt to change default browser * [e441276] initial_bookmarks.html: add Debian support page * [2bb621a] compress source tarball as xz (Closes: #676774) [ Giuseppe Iuculano ] * New stable minor release fixing the following issues: - REGRESSION: Rendering difference in Chrome 21 and 22 that affected on Persian Wikipedia - Some known crashes - Audio objects are not "switched" immediately - Print and Print Preview ignore paper size default in printer config - Candidate windows is shown in wrong place in Retina display - more of the choppy and distorted audio issues - Japanese characters showing in Chinese font - Sync invalidation notification broken after restart -- Giuseppe Iuculano Fri, 10 Aug 2012 17:31:57 +0200 chromium-browser (21.0.1180.57~r148591-1) unstable; urgency=medium [ Giuseppe Iuculano ] * [fd04758] Install demo extension * New upstream stable release: - Medium CVE-2012-2846: Cross-process interference in renderers. Credit to Google Chrome Security Team (Julien Tinnes). - Low CVE-2012-2847: Missing re-prompt to user upon excessive downloads. Credit to Matt Austin of Aspect Security. - Medium CVE-2012-2848: Overly broad file access granted after drag+drop. Credit to Matt Austin of Aspect Security. - Low CVE-2012-2849: Off-by-one read in GIF decoder. Credit to Atte Kettunen of OUSPG. - Medium CVE-2012-2853: webRequest can interfere with the Chrome Web Store. Credit to Trev of Adblock. - Low CVE-2012-2854: Leak of pointer values to WebUI renderers. Credit to Nasko Oskov of the Chromium development community. - High CVE-2012-2855: Use-after-free in PDF viewer. 
Credit to Mateusz Jurczyk of Google Security Team, with contributions by Gynvael Coldwind of Google Security Team. - High CVE-2012-2857: Use-after-free in CSS DOM. Credit to Arthur Gerkis. - High CVE-2012-2858: Buffer overflow in WebP decoder. Credit to Jüri Aedla. - Critical CVE-2012-2859: Crash in tab handling. Credit to Jeff Roberts of Google Security Team. - Medium CVE-2012-2860: Out-of-bounds access when clicking in date picker. Credit to Chamal de Silva. [ Shawn Landden ] * [0d2e43a9] Switch to xz/lzma2 compression for debs. (from lzma) * [e3e9a801] replace incorrect prefs.patch with patch from OpenSUSE * [faed2b9e] /etc/chromium/master_preferences: don't bug user for Google account. -- Giuseppe Iuculano Tue, 07 Aug 2012 10:55:17 +0200 chromium-browser (20.0.1132.57~r145807-1) unstable; urgency=medium [ Michael Gilbert ] * New upstream stable security release: - [129898] High CVE-2012-2842: Use-after-free in counter handling. Credit to miaubiz. - [130595] High CVE-2012-2843: Use-after-free in layout height tracking. Credit to miaubiz. - [133450] High CVE-2012-2844: Bad object access with JavaScript in PDF. Credit to Alexey Samsonov of Google. [ Shawn Landden ] * Revert "Do not use binutils-gold in armel and armhf". * Update vpx patch to use system headers (Closes: #674728). * Fixup skia fixup for Fri, 13 Jul 2012 15:31:11 -0400 chromium-browser (20.0.1132.43~r143823-1) unstable; urgency=high * New stable release - Low CVE-2012-2815: Leak of iframe fragment id. Credit to Elie Bursztein of Google. - High CVE-2012-2817: Use-after-free in table section handling. Credit to miaubiz. - High CVE-2012-2818: Use-after-free in counter layout. Credit to miaubiz. - High CVE-2012-2819: Crash in texture handling. Credit to Ken "gets" Russell of the Chromium development community. - Medium CVE-2012-2820: Out-of-bounds read in SVG filter handling. Credit to Atte Kettunen of OUSPG. - Medium CVE-2012-2821: Autofill display problem. 
Credit to "simonbrown60" - High CVE-2012-2823: Use-after-free in SVG resource handling. Credit to miaubiz. - High CVE-2012-2824: Use-after-free in SVG painting. Credit to miaubiz. - Medium CVE-2012-2826: Out-of-bounds read in texture conversion. Credit to Google Chrome Security Team (Inferno). - High CVE-2012-2829: Use-after-free in first-letter handling. Credit to miaubiz. - High CVE-2012-2830: Wild pointer in array value setting. Credit to miaubiz. - [130356] High CVE-2012-2831: Use-after-free in SVG reference handling. Credit to miaubiz. - High CVE-2012-2834: Integer overflow in Matroska container. Credit to Jüri Aedla. -- Giuseppe Iuculano Sat, 30 Jun 2012 14:33:40 +0200 chromium-browser (20.0.1132.41~r143299-1) unstable; urgency=medium * [98cf55e] Do not use binutils-gold in armel and armhf * New beta release -- Giuseppe Iuculano Fri, 22 Jun 2012 16:41:48 +0200 chromium-browser (20.0.1132.34~r141824-1) unstable; urgency=low * [29f002e] Add -DUSE_EABI_HARDFLOAT in gyp defines for armhf * [3a003ca] Added some armel and armhf patches. Thanks to Shawn * [2f15044] Search the correct icon when minimised. Thanks to Jonathan Nieder (Closes: #651455) -- Giuseppe Iuculano Wed, 20 Jun 2012 19:05:50 +0200 chromium-browser (20.0.1132.27~r140692-2) unstable; urgency=low * [c0e9499] Improved sqlite patch. Thanks to Andrew Chant (Closes: #676636) * [62d276b] Backported: Use 32-byte alignment in AudioArray if using WEBAUDIO_FFMPEG https://bugs.webkit.org/show_bug.cgi?id=87430 * [1183b6a] Added -DUSE_EABI_HARDFLOAT for armhf -- Giuseppe Iuculano Wed, 13 Jun 2012 13:21:26 +0200 chromium-browser (20.0.1132.27~r140692-1) unstable; urgency=low * New beta release. * [e2adf90] Applied sqlite patch and fixed omnibox crash (Closes: #676636) * [69cc508] Define arm_float_abi=soft for armel and arm_float_abi=hard for armhf -- Giuseppe Iuculano Mon, 11 Jun 2012 17:54:51 +0200 chromium-browser (20.0.1132.21~r139451-3) unstable; urgency=low * Upload to unstable. 
-- Giuseppe Iuculano Wed, 06 Jun 2012 10:29:58 +0200 chromium-browser (20.0.1132.21~r139451-2) experimental; urgency=low * [1de8e21] Build depends on binutils-gold also in armel and armhf * [5890c9b] Do not use third_party/gold as the linker. (Closes: #675563) * [e883861] Strip third_party/gold from upstream tarball. Thanks to Andrew Chant * [c9ac368] Use gcc 4.7 * [7f1ad3e] link against libgnome-keyring instead of using dlopen() * [57f6712] Added gcc 4.7 patch * [2be55e4] Use GConf and GIO -- Giuseppe Iuculano Sun, 03 Jun 2012 17:01:46 +0200 chromium-browser (20.0.1132.21~r139451-1) experimental; urgency=low [ Jonathan Nieder ] * [70fc5ec] Refresh patches and add descriptions [ Giuseppe Iuculano ] * [8cb8e89] Use gcc 4.6 for the moment (Closes: #671994) [ Jonathan Nieder ] * [cd6baae] Build-Depends: g++-4.6 * [09908a2] Remove workaround for bug #651912, which seems to have been fixed in libnspr (Closes: #661948) * [58d631d] Remove hardcoded versioned dependency on libnss3-1d * [c9e2e81] Require nspr4 >= 2:4.9-2 (Closes: #651912) [ Giuseppe Iuculano ] * [150b326] Added libssl-dev in B-depends * [88ff66a] Refreshed patches * [7e7de0c] Disable tcmalloc, use internal copy of ffmpeg and libv8 * [ca0f508] Updated patches * [1343b0c] Fixed floating point exception in protobuf internal copy. Thanks to Andrew Chant * [2b62b38] Disable protobuf patch * [cae4c9c] updated vpx patch * [7233f03] Start to fix build issues with gcc 4.7 * [b4e5b1d] Fix FTBFS when compiling with pulseaudio support * [235e171] install all .pak files -- Giuseppe Iuculano Fri, 01 Jun 2012 15:36:07 +0200 chromium-browser (18.0.1025.168~r134367-1) unstable; urgency=low * New stable release: - High CVE-2011-3078: Use after free in floats handling. Credit to Google Chrome Security Team (Marty Barbella) and independent later discovery by miaubiz. - High CVE-2012-1521: Use after free in xml parser. 
Credit to Google Chrome Security Team (SkyLined) and independent later discovery by wushi of team509 reported through iDefense VCP (V-874rcfpq7z). - Medium CVE-2011-3079: IPC validation failure. Credit to PinkiePie. - Medium CVE-2011-3080: Race condition in sandbox IPC. Credit to Willem Pinckaers of Matasano. - High CVE-2011-3081: Use after free in floats handling. Credit to miaubiz -- Giuseppe Iuculano Wed, 02 May 2012 09:30:45 +0200 chromium-browser (18.0.1025.151~r130497-1) unstable; urgency=medium * new stable release: - [106577] Medium CVE-2011-3066: Out-of-bounds read in Skia clipping. Credit to miaubiz. - [117583] Medium CVE-2011-3067: Cross-origin iframe replacement. Credit to Sergey Glazunov. - [117698] High CVE-2011-3068: Use-after-free in run-in handling. Credit to miaubiz. - [117728] High CVE-2011-3069: Use-after-free in line box handling. Credit to miaubiz. - [118185] High CVE-2011-3070: Use-after-free in v8 bindings. Credit to Google Chrome Security Team (SkyLined). - [118273] High CVE-2011-3071: Use-after-free in HTMLMediaElement. Credit to pa_kt, reporting through HP TippingPoint ZDI (ZDI-CAN-1528). - [118467] Low CVE-2011-3072: Cross-origin violation parenting pop-up window. Credit to Sergey Glazunov. - [118593] High CVE-2011-3073: Use-after-free in SVG resource handling. Credit to Arthur Gerkis. - [119281] Medium CVE-2011-3074: Use-after-free in media handling. Credit to Sławomir Błażek. - [119525] High CVE-2011-3075: Use-after-free applying style command. Credit to miaubiz. - [120037] High CVE-2011-3076: Use-after-free in focus handling. Credit to miaubiz. - [120189] Medium CVE-2011-3077: Read-after-free in script bindings. Credit to Google Chrome Security Team (Inferno). 
* [85dfed9] build-depend on libglewmx-dev instead of versioned libglewmx1.5-dev * medium urgency for security fixes -- Michael Gilbert Thu, 05 Apr 2012 16:43:11 -0400 chromium-browser (18.0.1025.142~r129054-1) unstable; urgency=low * New stable release: - [109574] Medium CVE-2011-3058: Bad interaction possibly leading to XSS in EUC-JP. Credit to Masato Kinugawa. - [112317] Medium CVE-2011-3059: Out-of-bounds read in SVG text handling. Credit to Arthur Gerkis. - [114056] Medium CVE-2011-3060: Out-of-bounds read in text fragment handling. Credit to miaubiz. - [116398] Medium CVE-2011-3061: SPDY proxy certificate checking error. Credit to Leonidas Kontothanassis of Google. - [116524] High CVE-2011-3062: Off-by-one in OpenType Sanitizer. Credit to Mateusz Jurczyk of the Google Security Team. - [117417] Low CVE-2011-3063: Validate navigation requests from the renderer more carefully. Credit to kuzzcc, Sergey Glazunov, PinkiePie and scarybeasts (Google Chrome Security Team). - [117471] High CVE-2011-3064: Use-after-free in SVG clipping. Credit to Atte Kettunen of OUSPG. - [117588] High CVE-2011-3065: Memory corruption in Skia. Credit to Omair. - [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian Holler. * [19c4b51] include glib.h directly (closes: #666640) * [d6e7094] remove .tmp files on clean * [fd014ca] fix pulseaudio messageloop comparisons * [6984cf7] build-depend on svn (required for upstream depot_tools checkout) * [aae52af] refresh patches * [102f9b7] depend on libv8 >= 3.8 * [bbd5511] build-depend on libudev-dev -- Michael Gilbert Sun, 01 Apr 2012 20:02:53 -0400 chromium-browser (17.0.963.83~r127885-1) unstable; urgency=high * New stable release: - CVE-2011-3050: Use-after-free with first-letter handling. Credit to miaubiz. - CVE-2011-3051: Use-after-free in CSS cross-fade handling. Credit to Arthur Gerkis. - CVE-2011-3052: Memory corruption in WebGL canvas handling. Credit to Ben Vanik of Google. 
- CVE-2011-3053: Use-after-free in block splitting. Credit to miaubiz. - Low CVE-2011-3054: Apply additional isolations to webui privileges. Credit to Sergey Glazunov. - CVE-2011-3055: Prompt in the browser native UI for unpacked extension installation. Credit to PinkiePie. - High CVE-2011-3056: Cross-origin violation with "magic iframe". Credit to Sergey Glazunov. - Low CVE-2011-3049: Extension web request API can interfere with system requests. Credit to Michael Gundlach. - CVE-2011-3047: Errant plug-in load and GPU process memory corruption. Credit to PinkiePie. -- Giuseppe Iuculano Fri, 23 Mar 2012 09:45:08 +0100 chromium-browser (17.0.963.78~r125577-1) unstable; urgency=high * New stable release fixed issue found at Google's Pwnium competition: - CVE-2011-3046: UXSS and bad history navigation. Credit to Sergey Glazunov. -- Giuseppe Iuculano Thu, 08 Mar 2012 23:41:39 +0100 chromium-browser (17.0.963.66~r124982-1) unstable; urgency=high [ Jonathan Nieder ] * [78437ab] Depend on libpng-dev instead of libpng12-dev at build time (Closes: #662287) [ Giuseppe Iuculano ] * New stable release: - High CVE-2011-3031: Use-after-free in v8 element wrapper. Credit to Chamal de Silva. - High CVE-2011-3032: Use-after-free in SVG value handling. Credit to Arthur Gerkis. - High CVE-2011-3033: Buffer overflow in the Skia drawing library. Credit to Aki Helin of OUSPG. - High CVE-2011-3034: Use-after-free in SVG document handling. Credit to Arthur Gerkis. - High CVE-2011-3035: Use-after-free in SVG use handling. Credit to Arthur Gerkis. - High CVE-2011-3036: Bad cast in line box handling. Credit to miaubiz. - High CVE-2011-3037: Bad casts in anonymous block splitting. Credit to miaubiz. - High CVE-2011-3038: Use-after-free in multi-column handling. Credit to miaubiz. - High CVE-2011-3039: Use-after-free in quote handling. Credit to miaubiz. - Medium CVE-2011-3040: Out-of-bounds read in text handling. Credit to miaubiz. 
- High CVE-2011-3041: Use-after-free in class attribute handling. Credit to miaubiz. - High CVE-2011-3042: Use-after-free in table section handling. Credit to miaubiz. - High CVE-2011-3043: Use-after-free in flexbox with floats. Credit to miaubiz. - High CVE-2011-3044: Use-after-free with SVG animation elements. Credit to Arthur Gerkis. -- Giuseppe Iuculano Wed, 07 Mar 2012 17:21:51 +0100 chromium-browser (17.0.963.56~r121963-1) unstable; urgency=high [ Michael Gilbert ] * [5c3bb1e] remove duplicate dependency on libgconf2-dev * [a978400] exclude .git directories from upstream tarball * [d29d859] add descriptions to patches * [52af88b] update debian/copyright field to adhere to latest DEP5 specification * [f3b7ba9] update patches for chromium 17 * [4634823] install content_resources.pak * [e7883c9] depend on libv8 >= 3.7 * [dd4fe7d] use pulseaudio [ Giuseppe Iuculano ] * [826649a] Fix FTBFS on armel and added armhf. Thanks to Riku Voipio (Closes: #632119) * [e9ac7ab] Link against system vpx (Closes: #642760) * [b88a849] Remove hardcoded dependency on libvpx0 (Closes: #660159) * [9dec8df] Updated patches * New stable release: - Medium CVE-2011-3016: Read-after-free with counter nodes. Credit to miaubiz. - High CVE-2011-3017: Possible use-after-free in database handling. Credit to miaubiz. - High CVE-2011-3018: Heap overflow in path rendering. Credit to Aki Helin of OUSPG. - High CVE-2011-3019: Heap buffer overflow in MKV handling. Credit to Google Chrome Security Team (scarybeasts) and Mateusz Jurczyk / Gynvael Coldwind of the Google Security Team. - Medium CVE-2011-3020: Native client validator error. Credit to Nick Bray of the Chromium development community. - High CVE-2011-3021: Use-after-free in subframe loading. Credit to Arthur Gerkis. - Medium CVE-2011-3022: Inappropriate use of http for translation script. Credit to Google Chrome Security Team (Jorge Obes). - Medium CVE-2011-3023: Use-after-free with drag and drop. Credit to pa_kt. 
- Low CVE-2011-3024: Browser crash with empty x509 certificate. Credit to chrometot. - Medium CVE-2011-3025: Out-of-bounds read in h.264 parsing. Credit to Sławomir Błażek. - High CVE-2011-3026: Integer overflow / truncation in libpng. Credit to Jüri Aedla. - High CVE-2011-3027: Bad cast in column handling. Credit to miaubiz - Low CVE-2011-3953: Avoid clipboard monitoring after paste event. Credit to Daniel Cheng of the Chromium development community. - Low CVE-2011-3954: Crash with excessive database usage. Credit to Collin Payne. - High CVE-2011-3955: Crash aborting an IndexDB transaction. Credit to David Grogan of the Chromium development community. - Low CVE-2011-3956: Incorrect handling of sandboxed origins inside extensions. Credit to Devdatta Akhawe, UC Berkeley. - High CVE-2011-3958: Bad casts with column spans. Credit to miaubiz. - High CVE-2011-3959: Buffer overflow in locale handling. Credit to Aki Helin of OUSPG. - Medium CVE-2011-3960: Out-of-bounds read in audio decoding. Credit to Aki Helin of OUSPG. - Critical CVE-2011-3961: Race condition after crash of utility process. Credit to Shawn Goertzen. - Medium CVE-2011-3962: Out-of-bounds read in path clipping. Credit to Aki Helin of OUSPG. - Low CVE-2011-3964: URL bar confusion after drag + drop. Credit to Code Audit Labs of VulnHunt.com. - Low CVE-2011-3965: Crash in signature check. Credit to Sławomir Błażek. - High CVE-2011-3966: Use-after-free in stylesheet error handling. Credit to Aki Helin of OUSPG. - Low CVE-2011-3967: Crash with unusual certificate. Credit to Ben Carrillo. - High CVE-2011-3968: Use-after-free in CSS handling. Credit to Arthur Gerkis. - High CVE-2011-3969: Use-after-free in SVG layout. Credit to Arthur Gerkis. - Medium CVE-2011-3970: Out-of-bounds read in libxslt. Credit to Aki Helin of OUSPG. - High CVE-2011-3971: Use-after-free with mousemove events. Credit to Arthur Gerkis. - Medium CVE-2011-3972: Out-of-bounds read in shader translator. 
      Credit to Google Chrome Security Team (Inferno).

 -- Giuseppe Iuculano Sun, 19 Feb 2012 20:29:17 +0100

chromium-browser (16.0.912.77~r118311-1) unstable; urgency=high

  [ Jonathan Nieder ]
  * [b9c1859] fix path in Ubuntu-specific build rules. Thanks to Michael Kuhn (Closes: #655521)

  [ Giuseppe Iuculano ]
  * [c6132fa] Fix FTBFS with libav 0.8 (Closes: #654215)
  * New stable release:
    - High CVE-2011-3924: Use-after-free in DOM selections. Credit to Arthur Gerkis.
    - Critical CVE-2011-3925: Use-after-free in Safe Browsing navigation. Credit to Chamal de Silva.
    - High CVE-2011-3928: Use-after-free in DOM handling. Credit to wushi of team509 reported through ZDI (ZDI-CAN-1415).
    - High CVE-2011-3927: Uninitialized value in Skia. Credit to miaubiz.
    - High CVE-2011-3926: Heap-buffer-overflow in tree builder. Credit to Arthur Gerkis.

 -- Giuseppe Iuculano Thu, 26 Jan 2012 10:57:28 +0100

chromium-browser (16.0.912.75~r116452-1) unstable; urgency=low

  * New stable version:
    - High CVE-2011-3921: Use-after-free in animation frames. Credit to Boris Zbarsky of Mozilla.
    - High CVE-2011-3919: Heap-buffer-overflow in libxml. Credit to Jüri Aedla.
    - High CVE-2011-3922: Stack-buffer-overflow in glyph handling. Credit to Google Chrome Security Team (Cris Neckar).

 -- Giuseppe Iuculano Mon, 09 Jan 2012 10:30:41 +0100

chromium-browser (16.0.912.63~r113337-1) unstable; urgency=low

  [ Giuseppe Iuculano ]
  * New stable version:
    - Medium CVE-2011-3903: Out-of-bounds read in regex matching. Credit to David Holloway of the Chromium development community.
    - Low CVE-2011-3905: Out-of-bounds reads in libxml. Credit to Google Chrome Security Team (Inferno).
    - Medium CVE-2011-3906: Out-of-bounds read in PDF parser. Credit to Aki Helin of OUSPG.
    - High CVE-2011-3907: URL bar spoofing with view-source. Credit to Luka Treiber of ACROS Security.
    - Low CVE-2011-3908: Out-of-bounds read in SVG parsing. Credit to Aki Helin of OUSPG.
    - Medium CVE-2011-3909: [64-bit only] Memory corruption in CSS property array.
      Credit to Google Chrome Security Team (scarybeasts) and Chu.
    - Medium CVE-2011-3910: Out-of-bounds read in YUV video frame handling. Credit to Google Chrome Security Team (Cris Neckar).
    - High CVE-2011-3912: Use-after-free in SVG filters. Credit to Arthur Gerkis.
    - High CVE-2011-3913: Use-after-free in Range handling. Credit to Arthur Gerkis.
    - High CVE-2011-3914: Out-of-bounds write in v8 i18n handling. Credit to Sławomir Błażek.
    - High CVE-2011-3915: Buffer overflow in PDF font handling. Credit to Atte Kettunen of OUSPG.
    - Medium CVE-2011-3917: Stack-buffer-overflow in FileWatcher. Credit to Google Chrome Security Team (Marty Barbella).
    - High CVE-2011-3904: Use-after-free in bidi handling. Credit to Google Chrome Security Team (Inferno) and miaubiz.
  * [5299644] Update patches for v16

  [ Michael Gilbert ]
  * [ce38c6a] depend on gyp >= r1119
  * [d4236b8] fix upstream channel naming in source readme
  * [3683f5d] refresh nss-workaround.patch and system_v8.patch
  * [4c18347] add myself to uploaders

 -- Giuseppe Iuculano Sun, 01 Jan 2012 13:45:54 +0100

chromium-browser (15.0.874.121~r109964-1) unstable; urgency=high

  [ Jonathan Nieder ]
  * [f67eee0] chromium-inspector: Recommend chromium (>= 10) to avoid pulling in chromium-bsu
  * [4de64d5] Use /etc/debian_version, not `lsb_release -sr`, to populate BUILD_DIST
  * [7dba3cb] Permit '/' in Debian release names (Closes: #644526)
  * [aa996fe] Unbreak get-orig-source in non-C locales by using "svn log --xml" instead of "svn info"

  [ Giuseppe Iuculano ]
  * [dc3b8be] Revert "Merge 104421 - Fix library paths for preloading NSS on Ubuntu 11.10." Thanks to Jonathan Nieder (Closes: #647992)
  * [d729967] Use system v8
  * New stable release:
    - High CVE-2011-3892: Double free in Theora decoder. Credit to Aki Helin of OUSPG.
    - Medium CVE-2011-3893: Out of bounds reads in MKV and Vorbis media handlers. Credit to Aki Helin of OUSPG.
    - High CVE-2011-3894: Memory corruption regression in VP8 decoding.
      Credit to Andrew Scherkus of the Chromium development community.
    - High CVE-2011-3895: Heap overflow in Vorbis decoder. Credit to Aki Helin of OUSPG.
    - High CVE-2011-3896: Buffer overflow in shader variable mapping. Credit to Ken “strcpy” Russell of the Chromium development community.
    - High CVE-2011-3897: Use-after-free in editing. Credit to pa_kt reported through ZDI (ZDI-CAN-1416).
    - Low CVE-2011-3898: Failure to ask for permission to run applets in JRE7. Credit to Google Chrome Security Team (Chris Evans).
    - High CVE-2011-3900: Out-of-bounds write in v8. Credit to Christian Holler.

 -- Giuseppe Iuculano Wed, 07 Dec 2011 09:12:54 +0100

chromium-browser (15.0.874.106~r107270-1) unstable; urgency=medium

  [ Matteo F. Vescovi ]
  * [fb744c6] debian/control: cosmetic typo corrections (Closes: #644386)

  [ Giuseppe Iuculano ]
  * New stable release:
    - High CVE-2011-2845: URL bar spoof in history handling. Credit to Jordi Chancel.
    - Medium CVE-2011-3875: URL bar spoof with drag+drop of URLs. Credit to Jordi Chancel.
    - Low CVE-2011-3876: Avoid stripping whitespace at the end of download filenames. Credit to Marc Novak.
    - Low CVE-2011-3877: XSS in appcache internals page. Credit to Google Chrome Security Team (Tom Sepez) plus independent discovery by Juho Nurminen.
    - Medium CVE-2011-3878: Race condition in worker process initialization. Credit to miaubiz.
    - Low CVE-2011-3879: Avoid redirect to chrome scheme URIs. Credit to Masato Kinugawa.
    - Low CVE-2011-3880: Don’t permit as a HTTP header delimiter. Credit to Vladimir Vorontsov, ONsec company.
    - High CVE-2011-3881: Cross-origin policy violations. Credit to Sergey Glazunov.
    - High CVE-2011-3882: Use-after-free in media buffer handling. Credit to Google Chrome Security Team (Inferno).
    - High CVE-2011-3883: Use-after-free in counter handling. Credit to miaubiz.
    - High CVE-2011-3884: Timing issues in DOM traversal. Credit to Brian Ryner of the Chromium development community.
    - High CVE-2011-3885: Stale style bugs leading to use-after-free. Credit to miaubiz.
    - High CVE-2011-3886: Out of bounds writes in v8. Credit to Christian Holler.
    - Medium CVE-2011-3887: Cookie theft with javascript URIs. Credit to Sergey Glazunov.
    - [99138] High CVE-2011-3888: Use-after-free with plug-in and editing. Credit to miaubiz.
    - High CVE-2011-3889: Heap overflow in Web Audio. Credit to miaubiz.
    - High CVE-2011-3890: Use-after-free in video source handling. Credit to Ami Fischman of the Chromium development community.
    - High CVE-2011-3891: Exposure of internal v8 functions. Credit to Steven Keuchel of the Chromium development community plus independent discovery by Daniel Divricean.
  * [62dfe31] Refreshed patches
  * [ebe38a0] Added scons, libelf-dev, and python-simplejson in Build-Depends
  * [301651c] Use icu and libv8 private copy and disable nacl

  [ Jonathan Nieder ]
  * [59f4ae6] debian/licenses: add Ms-PL license snippet. Thanks to Alexander Reichle-Schmehl (Closes: #647528)

 -- Giuseppe Iuculano Sun, 06 Nov 2011 14:27:45 +0100

chromium-browser (14.0.835.202~r103287-1) unstable; urgency=low

  [ Michael Gilbert ]
  * [0e3387d] Remove unneeded shlibs:Depends
  * [d7d8b22] Support libav's transition to multiarch
  * [3211a33] Use url to writable git repo in vcs-git field
  * [1c83896] Use relative symlinks to ffmpeg libraries

  [ Giuseppe Iuculano ]
  * New stable release:
    - High CVE-2011-2876: Use-after-free in text line box handling. Credit to miaubiz.
    - High CVE-2011-2877: Stale font in SVG text handling. Credit to miaubiz.
    - High CVE-2011-2878: Inappropriate cross-origin access to the window prototype. Credit to Sergey Glazunov.
    - High CVE-2011-2879: Lifetime and threading issues in audio node handling. Credit to Google Chrome Security Team (Inferno).
    - High CVE-2011-2880: Use-after-free in the v8 bindings. Credit to Sergey Glazunov.
    - High CVE-2011-2881: Memory corruption with v8 hidden objects. Credit to Sergey Glazunov.
    - Critical CVE-2011-3873: Memory corruption in shader translator.

 -- Giuseppe Iuculano Wed, 05 Oct 2011 11:15:53 +0200

chromium-browser (14.0.835.163~r101024-1) unstable; urgency=low

  [ Matteo F. Vescovi ]
  * [82a8b0b] debian/control: changing b-deps to libjpeg-dev (Closes: 641099)

  [ Giuseppe Iuculano ]
  * [ac85d47] Use system ffmpeg and icu
  * [b4fbcd0] debian/gbp.conf: Added conf for git-dch
  * [a4f4ee1] Do not install ffmpeg internal copy
  * New stable release:
    - High CVE-2011-2835: Race condition in the certificate cache. Credit to Ryan Sleevi of the Chromium development community.
    - Low CVE-2011-2836: Infobar the Windows Media Player plug-in to avoid click-free access to the system Flash. Credit to electronixtar.
    - Low CVE-2011-2837: Use PIC / pie compiler flags. Credit to wbrana.
    - Low CVE-2011-2838: Treat MIME type more authoritatively when loading plug-ins. Credit to Michal Zalewski of the Google Security Team.
    - High CVE-2011-2839: Crash in v8 script object wrappers. Credit to Kostya Serebryany of the Chromium development community.
    - Low CVE-2011-2840: Possible URL bar spoofs with unusual user interaction. Credit to kuzzcc.
    - Medium CVE-2011-2843: Out-of-bounds read with media buffers. Credit to Kostya Serebryany of the Chromium development community.
    - Medium CVE-2011-2844: Out-of-bounds read with mp3 files. Credit to Mario Gomes.
    - High CVE-2011-2846: Use-after-free in unload event handling. Credit to Arthur Gerkis.
    - High CVE-2011-2847: Use-after-free in document loader. Credit to miaubiz.
    - Medium CVE-2011-2848: URL bar spoof with forward button. Credit to Jordi Chancel.
    - Low CVE-2011-2849: Browser NULL pointer crash with WebSockets. Credit to Arthur Gerkis.
    - Medium CVE-2011-3234: Out-of-bounds read in box handling. Credit to miaubiz.
    - Medium CVE-2011-2850: Out-of-bounds read with Khmer characters. Credit to miaubiz.
    - Medium CVE-2011-2851: Out-of-bounds read in video handling. Credit to Google Chrome Security Team (Inferno).
    - High CVE-2011-2852: Off-by-one in v8. Credit to Christian Holler.
    - High CVE-2011-2853: Use-after-free in plug-in handling. Credit to Google Chrome Security Team (SkyLined).
    - High CVE-2011-2854: Use-after-free in ruby / table style handling. Credit to Sławomir Błażek, and independent later discoveries by miaubiz and Google Chrome Security Team (Inferno).
    - High CVE-2011-2855: Stale node in stylesheet handling. Credit to Arthur Gerkis.
    - High CVE-2011-2856: Cross-origin bypass in v8. Credit to Daniel Divricean.
    - High CVE-2011-2857: Use-after-free in focus controller. Credit to miaubiz.
    - High CVE-2011-2834: Double free in libxml XPath handling. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences.
    - Medium CVE-2011-2859: Incorrect permissions assigned to non-gallery pages. Credit to Bernhard ‘Bruhns’ Brehm of Recurity Labs.
    - High CVE-2011-2860: Use-after-free in table style handling. Credit to miaubiz.
    - High CVE-2011-2862: Unintended access to v8 built-in objects. Credit to Sergey Glazunov.
    - Medium CVE-2011-2864: Out-of-bounds read with Tibetan characters. Credit to Google Chrome Security Team (Inferno).
    - Medium CVE-2011-2858: Out-of-bounds read with triangle arrays. Credit to Google Chrome Security Team (Inferno).
    - Low CVE-2011-2874: Failure to pin a self-signed cert for a session. Credit to Nishant Yadant of VMware and Craig Chamberlain (@randomuserid).
    - High CVE-2011-2875: Type confusion in v8 object sealing. Credit to Christian Holler.

 -- Giuseppe Iuculano Sat, 17 Sep 2011 21:46:29 +0200

chromium-browser (14.0.835.157~r99685-1) experimental; urgency=low

  * New beta release
  * Fix gbp.conf for experimental branch
  * Refreshed patches
  * Use libv8 system copy
  * Do not remove Makefile files
  * Added libpulse-dev in Build-Depends.
  * re-enable armel build
  * Patch v8_i18n to compile with libv8 system copy, thanks to Jérémy Lal
  * Added a lintian override for the NaCL IRT files

 -- Giuseppe Iuculano Wed, 07 Sep 2011 13:06:57 +0200

chromium-browser (13.0.782.220~r99552-1) unstable; urgency=high

  [ Giuseppe Iuculano ]
  * Fixed the dummy chromium-browser-l10n dependency (Closes: 639126)
  * New stable release:
    - Revoked trust for SSL certificates issued by DigiNotar-controlled intermediate CAs used by the Dutch PKIoverheid program.

  [ Jonathan Nieder ]
  * Add a replace and breaks entry to reflect the compatibility symlinks having moved to the chromium-browser package.

  [ Michael Gilbert ]
  * Fix lintian warning.
  * Fix manpage comment characters.
  * Strip the Native Client Integrated RunTime (NaCl IRT) libraries.
  * Objectify an old changelog entry (closes: #606261).

 -- Giuseppe Iuculano Tue, 06 Sep 2011 08:34:50 +0200

chromium-browser (13.0.782.215~r97094-1) unstable; urgency=low

  [ Michael Gilbert ]
  * Remove all automatically generated files during clean up (this makes it possible to build from source twice in a row now).
  * Bump standards version to 3.9.2.
  * Fix an obsolete character encoding in debian/copyright.
  * Fix build failure with cups >= 1.5.0.
  * Don't support lenny's cups anymore.
  * Use system config.guess and config.sub for yasm's autotools files.
  * Add chromium-browser.png symlink so old menu entries keep their icons (closes: #622841).
  * Add chromium-browser manpage symlink.
  * Clean up package short descriptions.

  [ Giuseppe Iuculano ]
  * Move the compatibility symlinks to the chromium-browser package
  * Fix the Vcs-Browser control field
  * New stable release:
    - High CVE-2011-2823: Use-after-free in line box handling. Credit to Google Chrome Security Team (SkyLined) and independent later discovery by miaubiz.
    - High CVE-2011-2824: Use-after-free with counter nodes. Credit to miaubiz.
    - High CVE-2011-2825: Use-after-free with custom fonts.
      Credit to wushi of team509 reported through ZDI (ZDI-CAN-1283), plus independent later discovery by miaubiz.
    - High CVE-2011-2821: Double free in libxml XPath handling. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences.
    - High CVE-2011-2826: Cross-origin violation with empty origins. Credit to Sergey Glazunov.
    - High CVE-2011-2827: Use-after-free in text searching. Credit to miaubiz.
    - High CVE-2011-2828: Out-of-bounds write in v8. Credit to Google Chrome Security Team (SkyLined).
    - High CVE-2011-2829: Integer overflow in uniform arrays. Credit to Sergey Glazunov.
  * Added autotools-dev in Build-Depends

 -- Giuseppe Iuculano Tue, 23 Aug 2011 17:31:19 +0200

chromium-browser (13.0.782.107~r94237-1) unstable; urgency=high

  * New stable version
    - Medium CVE-2011-2358: Always confirm an extension install via a browser dialog. Credit to Sergey Glazunov.
    - High CVE-2011-2359: Stale pointer due to bad line box tracking in rendering. Credit to miaubiz and Martin Barbella.
    - Low CVE-2011-2360: Potential bypass of dangerous file prompt. Credit to kuzzcc.
    - Low CVE-2011-2361: Improve designation of strings in the basic auth dialog. Credit to kuzzcc.
    - Medium CVE-2011-2782: File permissions error with drag and drop. Credit to Evan Martin of the Chromium development community.
    - Medium CVE-2011-2783: Always confirm a developer mode NPAPI extension install via a browser dialog. Credit to Sergey Glazunov.
    - Low CVE-2011-2784: Local file path disclosure via GL program log. Credit to kuzzcc.
    - Low CVE-2011-2785: Sanitize the homepage URL in extensions. Credit to kuzzcc.
    - Low CVE-2011-2786: Make sure the speech input bubble is always on-screen. Credit to Olli Pettay of Mozilla.
    - Medium CVE-2011-2787: Browser crash due to GPU lock re-entrancy issue. Credit to kuzzcc.
    - Low CVE-2011-2788: Buffer overflow in inspector serialization. Credit to Mikołaj Małecki.
    - Medium CVE-2011-2789: Use after free in Pepper plug-in instantiation.
      Credit to Mario Gomes and kuzzcc.
    - High CVE-2011-2790: Use-after-free with floating styles. Credit to miaubiz.
    - High CVE-2011-2791: Out-of-bounds write in ICU. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences.
    - High CVE-2011-2792: Use-after-free with float removal. Credit to miaubiz.
    - High CVE-2011-2793: Use-after-free in media selectors. Credit to miaubiz.
    - Medium CVE-2011-2794: Out-of-bounds read in text iteration. Credit to miaubiz.
    - Medium CVE-2011-2795: Cross-frame function leak. Credit to Shih Wei-Long.
    - High CVE-2011-2796: Use-after-free in Skia. Credit to Google Chrome Security Team (Inferno) and Kostya Serebryany of the Chromium development community.
    - High CVE-2011-2797: Use-after-free in resource caching. Credit to miaubiz.
    - Low CVE-2011-2798: Prevent a couple of internal schemes from being web accessible. Credit to sirdarckcat of the Google Security Team.
    - High CVE-2011-2799: Use-after-free in HTML range handling. Credit to miaubiz.
    - Medium CVE-2011-2800: Leak of client-side redirect target. Credit to Juho Nurminen.
    - High CVE-2011-2802: v8 crash with const lookups. Credit to Christian Holler.
    - Medium CVE-2011-2803: Out-of-bounds read in Skia paths. Credit to Google Chrome Security Team (Inferno).
    - High CVE-2011-2801: Use-after-free in frame loader. Credit to miaubiz.
    - High CVE-2011-2818: Use-after-free in display box rendering. Credit to Martin Barbella.
    - High CVE-2011-2805: Cross-origin script injection. Credit to Sergey Glazunov.
    - [90222] High CVE-2011-2819: Cross-origin violation in base URI handling. Credit to Sergey Glazunov.
  * Re-added binutils-gold in Build-depends
  * Refreshed patches
  * Switch to git
  * Use system vpx, flac, webp, speex libs
  * Build-depends on gyp >= 0.1~svn971
  * Run the gclient hooks when creating the source tarball, as we need files from the Native Client's integrated runtime (IRT) library (Thanks to Fabien Tassin)
  * Install the NaCL IRT files
  * Added a lintian override for the NaCL IRT files

 -- Giuseppe Iuculano Thu, 04 Aug 2011 11:02:34 +0200

chromium-browser (12.0.742.112~r90304-1) unstable; urgency=high

  * New stable micro release
    - [77493] Medium CVE-2011-2345: Out-of-bounds read in NPAPI string handling. Credit to Philippe Arteau.
    - [84355] High CVE-2011-2346: Use-after-free in SVG font handling. Credit to miaubiz.
    - [85003] High CVE-2011-2347: Memory corruption in CSS parsing. Credit to miaubiz.
    - [85102] High CVE-2011-2350: Lifetime and re-entrancy issues in the HTML parser. Credit to miaubiz.
    - [85177] High CVE-2011-2348: Bad bounds check in v8. Credit to Aki Helin of OUSPG.
    - [85211] High CVE-2011-2351: Use-after-free with SVG use element. Credit to miaubiz.
    - [85418] High CVE-2011-2349: Use-after-free in text selection. Credit to miaubiz.
  * Do not use the experimental gold linker

 -- Giuseppe Iuculano Wed, 29 Jun 2011 15:28:33 +0200

chromium-browser (12.0.742.91~r87961-1) unstable; urgency=high

  * New stable major release (Closes: 630548)
    - [73962] [79746] High CVE-2011-1808: Use-after-free due to integer issues in float handling. Credit to miaubiz.
    - [75496] Medium CVE-2011-1809: Use-after-free in accessibility support. Credit to Google Chrome Security Team (SkyLined).
    - [75643] Low CVE-2011-1810: Visit history information leak in CSS. Credit to Jesse Mohrland of Microsoft and Microsoft Vulnerability Research
    - [76034] Low CVE-2011-1811: Browser crash with lots of form submissions. Credit to “DimitrisV22”.
    - [77026] Medium CVE-2011-1812: Extensions permission bypass. Credit to kuzzcc.
    - [78516] High CVE-2011-1813: Stale pointer in extension framework.
      Credit to Google Chrome Security Team (Inferno).
    - [79362] Medium CVE-2011-1814: Read from uninitialized pointer. Credit to Eric Roman of the Chromium development community.
    - [79862] Low CVE-2011-1815: Extension script injection into new tab page. Credit to kuzzcc.
    - [80358] Medium CVE-2011-1816: Use-after-free in developer tools. Credit to kuzzcc.
    - [81916] Medium CVE-2011-1817: Browser memory corruption in history deletion. Credit to Collin Payne.
    - [81949] High CVE-2011-1818: Use-after-free in image loader. Credit to miaubiz.
    - [83010] Medium CVE-2011-1819: Extension injection into chrome:// pages. Credit to Vladislavas Jarmalis, plus subsequent independent discovery by Sergey Glazunov.
    - [83275] High CVE-2011-2332: Same origin bypass in v8. Credit to Sergey Glazunov.
    - [83743] High CVE-2011-2342: Same origin bypass in DOM. Credit to Sergey Glazunov.
  * Refreshed patches.
  * Use internal libv8 copy
  * Use internal protobuf copy
  * Remove armel from archs, too many toolchain issues and we want chromium in testing.
  * Override the embedded-library error, chromium uses a modified sqlite copy.

 -- Giuseppe Iuculano Fri, 17 Jun 2011 11:13:54 +0200

chromium-browser (11.0.696.71~r86024-1) unstable; urgency=low

  * New Stable release:
    - [72189] Low CVE-2011-1801: Pop-up blocker bypass. Credit to Chamal De Silva
    - [82546] High CVE-2011-1804: Stale pointer in floats rendering. Credit to Martin Barbella.
    - [82873] Critical CVE-2011-1806: Memory corruption in GPU command buffer. Credit to Google Chrome Security Team (Cris Neckar).
    - [82903] Critical CVE-2011-1807: Out-of-bounds write in blob handling. Credit to Google Chrome Security Team (Inferno) and Kostya Serebryany of the Chromium development community.
 -- Giuseppe Iuculano Wed, 25 May 2011 09:16:11 +0200

chromium-browser (11.0.696.68~r84545-3) unstable; urgency=low

  * Use the experimental gold linker

 -- Giuseppe Iuculano Mon, 23 May 2011 08:57:21 +0200

chromium-browser (11.0.696.68~r84545-2) unstable; urgency=low

  * Fix the libv8 patch
  * Disable javascript i18n api, we will re-enable it when libv8 will compile i18n experimental extension, #627066

 -- Giuseppe Iuculano Tue, 17 May 2011 22:18:11 +0200

chromium-browser (11.0.696.68~r84545-1) unstable; urgency=high

  * New Stable release:
    - [64046] High CVE-2011-1799: Bad casts in Chromium WebKit glue. Credit to Google Chrome Security Team (SkyLined).
    - [80608] High CVE-2011-1800: Integer overflows in SVG filters. Credit to Google Chrome Security Team (Cris Neckar).
  * Added --password-store=detect in chromium flags
  * Updated the svg logo
  * Ship the app icon in all the sizes provided upstream (Thanks Fabien Tassin)
  * Build-dep on gyp >= 0.1~svn917 to try to fix FTBFS on armel
  * Use protobuf system copy, this should fix FTBFS on armel #616662
  * Bump urgency, we want chromium 11 in wheezy
  * Remove *.pyc from src/depot_tools and src/build (Closes: #626894)

 -- Giuseppe Iuculano Mon, 16 May 2011 22:05:07 +0200

chromium-browser (11.0.696.65~r84435-1) unstable; urgency=low

  * New Stable release:
    - Fixed password loss (Closes: #619903)
    - [61502] High CVE-2011-1303: Stale pointer in floating object handling. Credit to Scott Hess of the Chromium development community and Martin Barbella.
    - [70538] Low CVE-2011-1304: Pop-up block bypass via plug-ins. Credit to Chamal De Silva.
    - [70589] Medium CVE-2011-1305: Linked-list race in database handling. Credit to Kostya Serebryany of the Chromium development community.
    - [71586] Medium CVE-2011-1434: Lack of thread safety in MIME handling. Credit to Aki Helin.
    - [72523] Medium CVE-2011-1435: Bad extension with ‘tabs’ permission can capture local files. Credit to Cole Snodgrass.
    - [72910] Low CVE-2011-1436: Possible browser crash due to bad interaction with X. Credit to miaubiz.
    - [73526] High CVE-2011-1437: Integer overflows in float rendering. Credit to miaubiz.
    - [74653] High CVE-2011-1438: Same origin policy violation with blobs. Credit to kuzzcc.
    - [74763] High CVE-2011-1439: Prevent interference between renderer processes. Credit to Julien Tinnes of the Google Security Team.
    - [75186] High CVE-2011-1440: Use-after-free with tag and CSS. Credit to Jose A. Vazquez.
    - [75347] High CVE-2011-1441: Bad cast with floating select lists. Credit to Michael Griffiths.
    - [75801] High CVE-2011-1442: Corrupt node trees with mutation events. Credit to Sergey Glazunov and wushi of team 509.
    - [76001] High CVE-2011-1443: Stale pointers in layering code. Credit to Martin Barbella.
    - [76542] High CVE-2011-1444: Race condition in sandbox launcher. Credit to Dan Rosenberg.
    - [76646] Medium CVE-2011-1445: Out-of-bounds read in SVG. Credit to wushi of team509.
    - [76666] [77507] [78031] High CVE-2011-1446: Possible URL bar spoofs with navigation errors and interrupted loads. Credit to kuzzcc.
    - [76966] High CVE-2011-1447: Stale pointer in drop-down list handling. Credit to miaubiz.
    - [77130] High CVE-2011-1448: Stale pointer in height calculations. Credit to wushi of team509.
    - [77346] High CVE-2011-1449: Use-after-free in WebSockets. Credit to Marek Majkowski.
    - [77349] Low CVE-2011-1450: Dangling pointers in file dialogs. Credit to kuzzcc.
    - [77463] High CVE-2011-1451: Dangling pointers in DOM id map. Credit to Sergey Glazunov.
    - [77786] Medium CVE-2011-1452: URL bar spoof with redirect and manual reload. Credit to Jordi Chancel.
    - [79199] High CVE-2011-1454: Use-after-free in DOM id handling. Credit to Sergey Glazunov.
  * Updated patches
  * Use libv8 system copy
  * Fixed FTBFS (converting to non-pointer type from NULL)
  * Added libpam0g-dev in Build-Depends
  * Fixed FTBFS with gcc 4.6 (closes: 624814)
  * Do not use the experimental gold linker, it causes FTBFS
  * Added in install excluded files: genmacro genmodule genperf genstring genversion re2c yasm

 -- Giuseppe Iuculano Sat, 14 May 2011 15:22:23 +0200

chromium-browser (10.0.648.205~r81283-1) unstable; urgency=low

  * New stable release:
    - [75629] Critical CVE-2011-1301: Use-after-free in the GPU process. Credit to Google Chrome Security Team (Inferno).
    - [78524] Critical CVE-2011-1302: Heap overflow in the GPU process. Credit to Christoph Diehl.

 -- Giuseppe Iuculano Fri, 15 Apr 2011 09:13:45 +0200

chromium-browser (10.0.648.204~r79063-1) unstable; urgency=low

  * New stable release:
    - [72517] High CVE-2011-1291: Buffer error in base string handling. Credit to Alex Turpin.
    - [73216] High CVE-2011-1292: Use-after-free in the frame loader. Credit to Sławomir Błażek.
    - [73595] High CVE-2011-1293: Use-after-free in HTMLCollection. Credit to Sergey Glazunov.
    - [74562] High CVE-2011-1294: Stale pointer in CSS handling. Credit to Sergey Glazunov.
    - [74991] High CVE-2011-1295: DOM tree corruption with broken node parentage. Credit to Sergey Glazunov.
    - [75170] High CVE-2011-1296: Stale pointer in SVG text handling. Credit to Sergey Glazunov.
  * Depends on libvpx0 >= 0.9.6 (Closes: #618621)

 -- Giuseppe Iuculano Fri, 25 Mar 2011 12:20:13 +0100

chromium-browser (10.0.648.133~r77742-1) unstable; urgency=high

  * New stable release:
    - Fix CVE-2011-1290: Memory corruption in style handling. Credit to Vincenzo Iozzo, Ralf Philipp Weinmann and Willem Pinckaers reported through ZDI.
  * chromium-browser: Depend on chromium (>= 10) (Closes: #617760)
  * Added a symlink to old binary name in chromium-browser package (Closes: #616623)
  * Document the binary renaming in the NEWS file.
 -- Giuseppe Iuculano Fri, 11 Mar 2011 23:10:31 +0100

chromium-browser (10.0.648.127~r76697-1) unstable; urgency=low

  * New stable version
  * Refreshed patches

 -- Giuseppe Iuculano Wed, 09 Mar 2011 23:04:13 +0100

chromium-browser (10.0.648.114~r75702-1) experimental; urgency=low

  * New beta version
  * Refreshed patches
  * Renamed binary packages, new names: chromium, chromium-l10n, chromium-inspector, chromium-dbg
  * Removed SMULBB instructions (Closes: 611725) Thanks to Jérémy Lal
  * Move /etc/chromium-browser/{default,master_preferences} to /etc/chromium/{default,master_preferences}
  * Remove mips from archs
  * Use in-source v8
  * Added binutils-gold in build-depends to use the experimental gold linker
  * debian/rules: Force $DEBIAN_NAME to chromium
  * Fixed the webkit version parser. Patch from Ubuntu, thanks to Fabien Tassin
  * Do not install anymore xdg-settings and xdg-mime copy
  * Install libppGoogleNaClPluginChrome.so

 -- Giuseppe Iuculano Wed, 02 Mar 2011 11:36:53 +0100

chromium-browser (9.0.597.107~r75357-1) unstable; urgency=low

  [ Giuseppe Iuculano ]
  * New Stable version:
    - [54262] High URL bar spoof. Credit to Jordi Chancel.
    - [63732] High Crash with javascript dialogs. Credit to Sergey Radchenko.
    - [68263] High Stylesheet node stale pointer. Credit to Sergey Glazunov.
    - [68741] High Stale pointer with key frame rule. Credit to Sergey Glazunov.
    - [70078] High Crash with forms controls. Credit to Stefan van Zanden.
    - [70244] High Crash in SVG rendering. Credit to Sławomir Błażek.
    - [64-bit Linux only] [70376] Medium Out-of-bounds read in pickle deserialization. Credit to Evgeniy Stepanov of the Chromium development community.
    - [71114] High Stale node in table handling. Credit to Martin Barbella.
    - [71115] High Stale pointer in table rendering. Credit to Martin Barbella.
    - [71296] High Stale pointer in SVG animations. Credit to miaubiz.
    - [71386] High Stale nodes in XHTML. Credit to wushi of team509.
    - [71388] High Crash in textarea handling. Credit to wushi of team509.
    - [71595] High Stale pointer in device orientation. Credit to Sergey Glazunov.
    - [71717] Medium Out-of-bounds read in WebGL. Credit to miaubiz.
    - [71855] High Integer overflow in textarea handling. Credit to miaubiz.
    - [71960] Medium Out-of-bounds read in WebGL. Credit to Google Chrome Security Team (Inferno).
    - [72214] High Accidental exposure of internal extension functions. Credit to Tavis Ormandy of the Google Security Team.
    - [72437] High Use-after-free with blocked plug-ins. Credit to Chamal de Silva.
    - [73235] High Stale pointer in layout. Credit to Martin Barbella.

  [ Daniel Echeverry ]
  * Added patch fix-manpage.patch Closes: #607503

 -- Giuseppe Iuculano Thu, 03 Mar 2011 11:42:01 +0100

chromium-browser (9.0.597.98~r74359-1) unstable; urgency=low

  [ Giuseppe Iuculano ]
  * New stable version:
    - [67234] High Stale pointer in animation event handling. Credit to Rik Cabanier.
    - [68120] High Use-after-free in SVG font faces. Credit to miaubiz.
    - [69556] High Stale pointer with anonymous block handling. Credit to Martin Barbella.
    - [69970] Medium Out-of-bounds read in plug-in handling. Credit to Bill Budge of Google.
    - [70456] Medium Possible failure to terminate process on out-of-memory condition. Credit to David Warren of CERT/CC.

  [ Daniel Echeverry ]
  * Fixed FTBFS caused by nspr.patch (Closes: #612618)

 -- Daniel Echeverry Sun, 20 Feb 2011 13:57:29 -0500

chromium-browser (9.0.597.84~r72991-1) unstable; urgency=low

  * New stable version:
    - [55831] High Use-after-free in image loading. Credit to Aki Helin of OUSPG
    - [59081] Low Apply some restrictions to cross-origin drag + drop. Credit to Google Chrome Security Team (SkyLined) and the Google Security Team (Michal Zalewski, David Bloom).
    - [62791] Low Browser crash with extension with missing key. Credit to Brian Kirchoff.
    - [65669] Low Handle merging of autofill profiles more gracefully. Credit to Google Chrome Security Team (Inferno).
    - [68244] Low Browser crash with bad volume setting. Credit to Matthew Heidermann.
    - [69195] Critical Race condition in audio handling. Credit to the gamers of Reddit!

 -- Giuseppe Iuculano Sun, 06 Feb 2011 23:50:23 +0100

chromium-browser (9.0.597.83~r72435-1) unstable; urgency=low

  [ Giuseppe Iuculano ]
  * New beta version.
  * Added a README.Debian and warn about downgrading (Closes: #605548)
  * honor DEB_BUILD_OPTIONS=nocheck, thanks to Jonathan Nieder (Closes: #589653)
  * Avoid "cannot access" messages when using ffmpeg internal copy. Thanks to Jonathan Nieder. (Closes: #589563)
  * Refreshed patches.
  * Build against libv8
  * Use libicu system headers
  * Use system glew
  * Use system xdg-utils
  * Build-depends on libv8-dev >= 2.5.9
  * Update translations in Desktop file. Thanks to the Ubuntu translation team.
  * Upload to unstable

  [ Fabien Tassin ]
  * Add libxt-dev to Build-deps needed by ppGoogleNaClPluginChrome
  * Add x-scheme-handler/http and x-scheme-handler/https to the MimeType entry of the desktop file
  * Set CHROME_WRAPPER to the real name of the wrapper now that upstream use its value
  * Set CHROME_DESKTOP in the wrapper to help the default browser checker (LP: #513133)

 -- Giuseppe Iuculano Sun, 30 Jan 2011 22:14:01 +0100

chromium-browser (9.0.597.45~r70550-1) experimental; urgency=low

  * New beta version

 -- Giuseppe Iuculano Mon, 17 Jan 2011 09:55:51 +0100

chromium-browser (9.0.597.19~r68937-1) experimental; urgency=low

  * New beta version
  * Refreshed patches

 -- Giuseppe Iuculano Wed, 29 Dec 2010 09:17:12 +0100

chromium-browser (9.0.587.0~r66374-1) experimental; urgency=low

  * New dev version

 -- Giuseppe Iuculano Sat, 20 Nov 2010 18:33:03 +0100

chromium-browser (9.0.576.0~r65344-1) experimental; urgency=low

  * New dev version
  * Refreshed patches
  * Added libxtst-dev in build-depends
  * Use v8, libvpx and glew system copy for the moment.
  * Disable tests
  * Do not install /usr/lib/chromium-browser/libosmesa.so (Closes: #599511)

 -- Giuseppe Iuculano Wed, 17 Nov 2010 22:26:37 +0100

chromium-browser (7.0.544.0~r61416-1) UNRELEASED; urgency=low

  * New dev version
  * Remove system-icu.patch, applied upstream
  * Remove icu44.patch, applied upstream
  * Refreshed patches
  * Enable compile-time dependency on gnome-keyring
  * Use system speex
  * Build depends on libv8-dev >= 2.4.7
  * Remove disable_dlog_and_dcheck_in_release_builds.patch
  * Install libosmesa.so ssl_false_start_blacklist_process and xdg-mime

 -- Giuseppe Iuculano Wed, 06 Oct 2010 14:55:53 +0200

chromium-browser (6.0.472.63~r59945-5.1) unstable; urgency=low

  [ Daniel Echeverry ]
  * Updated copyright file to DEP5. Closes: #580784

 -- Daniel Echeverry Mon, 17 Jan 2011 22:36:28 -0500

chromium-browser (6.0.472.63~r59945-5) unstable; urgency=high

  * Backported security patches from stable:
    - High Bad pointer handling in node iteration. Credit to Sergey Glazunov.
    - High Stale pointer with CSS + canvas. Credit to Sergey Glazunov.
    - High Stale pointer with CSS + cursors. Credit to Jan Tošovský.
    - High Stale pointer with SVG use element. Credited anonymously; plus independent discovery by miaubiz.
    - High Vorbis decoder buffer overflows. Credit to David Warren of CERT.
    - High Bad cast in anchor handling. Credit to Sergey Glazunov.
    - High Bad cast in video handling. Credit to Sergey Glazunov.
    - High Stale rendering node after DOM node removal. Credit to Martin Barbella; plus independent discovery by Google Chrome Security Team (SkyLined).

 -- Giuseppe Iuculano Sat, 15 Jan 2011 12:04:52 +0100

chromium-browser (6.0.472.63~r59945-4) unstable; urgency=high

  * Backported security patches from stable:
    - [64-bit Linux only] High Bad validation for message deserialization on 64-bit builds. Credit to Lei Zhang of the Chromium development community.
    - Low Browser crash with NULL pointer in web worker handling. Credit to Nathan Weizenbaum of Google.
    - Medium Out-of-bounds read in CSS parsing. Credit to Chris Rohlf.
    - High Stale pointers in cursor handling. Credit to Sławomir Błażek and Sergey Glazunov.

 -- Giuseppe Iuculano Sat, 18 Dec 2010 17:39:19 +0100

chromium-browser (6.0.472.63~r59945-3) unstable; urgency=high

  * Backported security patches from stable:
    - Medium Cross-origin video theft with . Credit to Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR).
    - High Use after free in history handling. Credit to Stefan Troger.
    - Medium Make sure the “dangerous file types” list is up to date with the Windows platforms. Credit to Billy Rios of the Google Security Team.
    - High Crash due to bad indexing with malformed video. Credit to miaubiz.
    - High Use after free with SVG animations. Credit to Sławomir Błażek.
    - Medium Use after free in mouse dragging event handling. Credit to kuzzcc.

 -- Giuseppe Iuculano Tue, 07 Dec 2010 12:53:25 +0100

chromium-browser (6.0.472.63~r59945-2) unstable; urgency=high

  * Added the missing changelog credit for the 5.0.375.29~r46008-1 revision. This corrects a bad debian/changelog merge.
  * Backported security patches from stable:
    - High Use-after-free in text editing. Credit to David Bloom of the Google Security Team, Google Chrome Security Team (Inferno) and Google Chrome Security Team (Cris Neckar).
    - High Memory corruption with enormous text area. Credit to wushi of team509.
    - High Bad cast with the SVG use element. Credit to kuzzcc.
    - High Use-after-free in text control selections. Credit to "vkouchna".
    - High Integer overflows in font handling. Credit to Aki Helin of OUSPG.
    - High Bad use of destroyed frame object. Credit to various developers, including "gundlach".
    - High Type confusions with event objects. Credit to "fam.lam" and Google Chrome Security Team (Inferno).
    - High Out-of-bounds array access in SVG handling. Credit to wushi of team509.

 -- Giuseppe Iuculano Fri, 05 Nov 2010 09:19:33 +0100

chromium-browser (6.0.472.63~r59945-1) unstable; urgency=high

  * New stable microrelease.
  * Allow to choose whether links are opened in a new link or new tab. (Closes: #581391) Thanks to Sam Morris
  * Backported security patches:
    - Medium Possible autofill / autocomplete profile spamming. Credit to Google Chrome Security Team (Inferno).
    - High Crash with forms. Credit to the Chromium development community.
    - Critical Browser crash with form autofill. Credit to the Chromium development community.
    - High Possible URL spoofing on page unload. Credit to kuzzcc; plus independent discovery by Jordi Chancel.
    - High Possible memory corruption with animated GIF. Credit to Simon Schaak.
    - High Failure to sandbox worker processes on Linux. Credit to Google Chrome Security Team (Chris Evans).
    - High Stale elements in an element map. Credit to Michal Zalewski of the Google Security Team.

 -- Giuseppe Iuculano Tue, 19 Oct 2010 12:59:21 +0200

chromium-browser (6.0.472.62~r59676-1) unstable; urgency=low

  * New stable security microrelease:
    - [55114] High Bad cast with malformed SVG. Credit to wushi of team 509.
    - [55119] Critical Buffer mismanagement in the SPDY protocol. Credit to Ron Ten-Hove of Google.
    - [55350] High Cross-origin property pollution. Credit to Stefano Di Paola of MindedSecurity.
  * Add translations for the "Name" field in the desktop file, and fix some "Comment" / "GenericName". Thanks to the Ubuntu translation team.
  * Build with PIE (Position Independent Executable)

 -- Giuseppe Iuculano Sat, 18 Sep 2010 16:48:44 +0200

chromium-browser (6.0.472.59~r59126-1) unstable; urgency=low

  * New stable security microrelease:
    - [50250] High Use-after-free when using document APIs during parse. Credit to David Weston of Microsoft + Microsoft Vulnerability Research (MSVR) and wushi of team 509 (independent discoveries).
    - [50712] High Use-after-free in SVG styles. Credit to kuzzcc.
    - [51252] High Use-after-free with nested SVG elements. Credit to kuzzcc.
    - [51709] Low Possible browser assert in cursor handling. Credit to "magnusmorton".
    - [51919] High Race condition in console handling. Credit to kuzzcc.
    - [53176] Low Unlikely browser crash in pop-up blocking. Credit to kuzzcc.
    - [53394] High Memory corruption in Geolocation. Credit to kuzzcc.
    - [53930] High Memory corruption in Khmer handling. Credit to Google Chrome Security Team (Chris Evans).
    - [54006] Low Failure to prompt for extension history access. Credit to "adriennefelt".

 -- Giuseppe Iuculano Wed, 15 Sep 2010 16:00:10 +0200

chromium-browser (6.0.472.53~r57914-3) unstable; urgency=low

  * Upload to unstable, this release fixes the following security issue:
    - [34414] Low Pop-up blocker bypass with blank frame target. Credit to Google Chrome Security Team (Inferno) and “ironfist99”.
    - [37201] Medium URL bar visual spoofing with homographic sequences. Credit to Chris Weber of Casaba Security.
    - [41654] Medium Apply more restrictions on setting clipboard content. Credit to Brook Novak.
    - [45659] High Stale pointer with SVG filters. Credit to Tavis Ormandy of the Google Security Team.
    - [45876] Medium Possible installed extension enumeration. Credit to Lostmon.
    - [46750] [51846] Low Browser NULL crash with WebSockets. Credit to Google Chrome Security Team (SkyLined), Google Chrome Security Team (Justin Schuh) and Keith Campbell.
    - [50386] High Use-after-free in Notifications presenter. Credit to Sergey Glazunov.
    - [50839] High Notification permissions memory corruption. Credit to Michal Zalewski of the Google Security Team and Google Chrome Security Team (SkyLined).
    - [51630] [51739] High Integer errors in WebSockets. Credit to Keith Campbell and Google Chrome Security Team (Cris Neckar).
    - [51653] High Memory corruption with counter nodes. Credit to kuzzcc.
    - [51727] Low Avoid storing excessive autocomplete entries. Credit to Google Chrome Security Team (Inferno).
    - [52443] High Stale pointer in focus handling. Credit to VUPEN Vulnerability Research Team (VUPEN-SR-2010-249).
    - [52682] High Sandbox parameter deserialization error. Credit to Ashutosh Mehra and Vineet Batra of the Adobe Reader Sandbox Team.
    - [53001] Medium Cross-origin image theft. Credit to Isaac Dawson.
  * Provide gnome-www-browser (Closes: #594057)
  * use startup-notification correctly (Closes: #581347)
  * the main scrollbar doesn't have low contrast anymore (Closes: #582648)
  * check DISPLAY envvar (Closes: #587398)
  * Doesn't segfault with cups (Closes: #593748)

 -- Giuseppe Iuculano Tue, 07 Sep 2010 18:49:45 +0200

chromium-browser (6.0.472.53~r57914-2) experimental; urgency=low

  * Do not install libppapi_tests.so and DumpRenderTree_resources/
  * Add libppapi_tests.so to INSTALL_EXCLUDE_FILES and DumpRenderTree_resources/ to INSTALL_EXCLUDE_DIRS

 -- Giuseppe Iuculano Sat, 04 Sep 2010 08:28:27 +0200

chromium-browser (6.0.472.53~r57914-1) experimental; urgency=low

  * New upstream release
  * Merge the unstable branch
  * Backport arm ffmpeg fix from unstable (v5)
  * chromium-browser-inspector: added a conflict with chromium-browser (<< ${source:Version}) (Closes: #594909)

 -- Giuseppe Iuculano Wed, 01 Sep 2010 15:39:16 +0200

chromium-browser (6.0.472.36~r55963-1) experimental; urgency=low

  * New beta release
  * Refreshed patches
  * Build and use the custom ffmpeg copy
  * Build and use the custom protobuf copy.

 -- Giuseppe Iuculano Thu, 19 Aug 2010 09:53:03 +0200

chromium-browser (6.0.466.0~r52279-1) experimental; urgency=low

  * Flush cairo surface at end of CanvasPaintLinux (Closes: #587164)
  * New dev upstream for experimental suite
  * Refreshed patches.
  * Install new resource.pak
  * Added libcups2-dev, libgnome-keyring-dev, libgconf2-dev in Build-Depends
  * set disable_sse2=1
  * Switch back to ffmpeg system libs
  * Install DumpRenderTree_resources
  * Define GOOGLE_PROTOBUF_NO_RTTI to fix FTBFS when compiling against system protobuf

 -- Giuseppe Iuculano Wed, 21 Jul 2010 14:40:57 +0200

chromium-browser (5.0.375.127~r55887-2) UNRELEASED; urgency=low

  * Provide gnome-www-browser (Closes: #594057)
  * Use hardening-wrapper

 -- Giuseppe Iuculano Sun, 29 Aug 2010 12:20:18 +0200

chromium-browser (5.0.375.127~r55887-1) unstable; urgency=high

  * New stable security microrelease.
    - Critical. Memory corruption with file dialog. Credit to Sergey Glazunov.
    - High. Memory corruption with SVGs. Credit to wushi of team509.
    - High. Bad cast with text editing. Credit to wushi of team509.
    - High. Possible address bar spoofing with history bug. Credit to Mike Taylor.
    - High. Memory corruption in MIME type handling. Credit to Sergey Glazunov.
    - Critical. Crash on shutdown due to notifications bug. Credit to Sergey Glazunov.
    - Medium. Stop omnibox autosuggest if the user might be about to type a password. Credit to Robert Hansen.
    - High. Memory corruption with Ruby support. Credit to kuzzcc.
    - High. Memory corruption with Geolocation support. Credit to kuzzcc.
  * Remove gecko-mediaplayer from blacklist (Closes: #590145)

 -- Giuseppe Iuculano Fri, 20 Aug 2010 11:09:16 +0200

chromium-browser (5.0.375.125~r53311-1) unstable; urgency=medium

  * Flush cairo surface at end of CanvasPaintLinux (Closes: #587164)
  * New stable micro release:
    - Medium Memory contents disclosure in layout code. Credit to Michail Nikolaev.
    - High Issue with large canvases. Credit to sp3x of SecurityReason.com.
    - High Memory corruption in rendering code. Credit to Jose A. Vazquez.
    - High Memory corruption in SVG handling. Credit to Aki Helin of OUSPG.
    - Low Avoid hostname truncation and incorrect eliding. Credit to Google Chrome Security Team (Inferno).

 -- Giuseppe Iuculano Tue, 27 Jul 2010 12:44:58 +0200

chromium-browser (5.0.375.99~r51029-4) unstable; urgency=low

  * Fix FTBFS with icu 4.4 (Closes: #589414)
  * Do not use armv4 incompatible code
  * Remove src/out and "*.pyc" files in clean target. (Closes: #589160) Thanks to Timo Juhani Lindfors.

 -- Giuseppe Iuculano Sat, 17 Jul 2010 17:22:47 +0200

chromium-browser (5.0.375.99~r51029-3) unstable; urgency=low

  * [armel] Disabled thumb to fix FTBFS in armel
  * Bump to Standards-Version 3.9.0, no changes needed
  * Backport support for the Ambiance/Radiance and Dust themes button ordering by reading the gconf pref

 -- Giuseppe Iuculano Thu, 08 Jul 2010 13:34:15 +0200

chromium-browser (5.0.375.99~r51029-2) unstable; urgency=low

  * Backport patch for CVE-2010-1760
  * [armel] set arm_neon=0
  * [armel] Remove all V5TE, VFP code from ffmpeg

 -- Giuseppe Iuculano Tue, 06 Jul 2010 16:14:12 +0200

chromium-browser (5.0.375.99~r51029-1) unstable; urgency=low

  * DEB_HOST_ARCH_CPU in armel is arm, updating debian/rules
  * New stable version, this release fixes the following security issues:
    - [42396] Low OOB read with WebGL. Credit to Sergey Glazunov; Google Chrome Security Team (SkyLined).
    - [42575] [42980] Medium Isolate sandboxed iframes more strongly. Credit to sirdarckcat of Google Security Team.
    - [43488] High Memory corruption with invalid SVGs. Credit to Aki Helin of OUSPG; wushi of team509.
    - [44424] High Memory corruption in bidi algorithm. Credit to wushi of team509.
    - [45164] Low Crash with invalid image. Credit to javg0x83.
    - [45983] High Memory corruption with invalid PNG (libpng bug). Credit to Aki Helin of OUSPG.
    - [46360] High Memory corruption in CSS style rendering. Credit to wushi of team509.
    - [46575] Low Annoyance with print dialogs. Credit to Mats Ahlgren.
    - [47056] Low Crash with modal dialogs. Credit to Aki Helin of OUSPG.
  * Remove armv6 and armv7 support from ffmpeg internal copy
  * Set arm_thumb=0 to avoid FTBFS in armel.
    Thanks to Peter De Schrijver, Timo Lindfors and Reinhard Tartler

 -- Giuseppe Iuculano Sat, 03 Jul 2010 13:23:26 +0200

chromium-browser (5.0.375.86~r49890-4) unstable; urgency=low

  * Use the full path in chromium-browser.desktop Exec field (Closes: #580582)
  * Remove the 3d patch, non-3d videos are messed up (Closes: 587389)
  * Build depends on libicu-dev (>= 4.2.1) and libevent-dev (>= 1.4.13) to avoid bad backports

 -- Giuseppe Iuculano Mon, 28 Jun 2010 15:10:05 +0200

chromium-browser (5.0.375.86~r49890-3) unstable; urgency=low

  * Set ffmpeg_branding=Chrome to enable the h264 decoder (Closes: #587293)
  * Backport VP8/WebM code and use system copy of libvpx
  * Add xulrunner lib path to LD_LIBRARY_PATH (Closes: #574679)
  * Removed license info for src/native_client/src/third_party/valgrind/bin/
  * Fixed 3d visualization on youtube video with html5 and Webm

 -- Giuseppe Iuculano Sun, 27 Jun 2010 13:01:44 +0200

chromium-browser (5.0.375.86~r49890-2) unstable; urgency=low

  * Partially revert info in about:version, it has significant impact in first-run performance
  * Build and use the custom ffmpeg copy, when ffmpeg 0.6 will be uploaded in unstable chromium will use the system copy of ffmpeg. (Closes: #581507)
  * Install libffmpegsumo
  * Add a replace and conflict entry for chromium-codecs-ffmpeg and chromium-codecs-ffmpeg-extra. This is necessary for people who used or are using the unofficial PPA build.
  * Update language list in chromium-browser-l10n description

 -- Giuseppe Iuculano Sat, 26 Jun 2010 09:47:17 +0200

chromium-browser (5.0.375.86~r49890-1) unstable; urgency=low

  [ Jonathan Nieder ]
  * Use dpkg-architecture directly instead of relying on dpkg-buildpackage to set DEB_*_ARCH variables. Use DEB_HOST_ARCH_CPU instead of DEB_BUILD_ARCH to detect target CPU. (Closes: #585801)

  [ Giuseppe Iuculano ]
  * New stable version, this release fixes the following security issues:
    - [38105] Medium XSS via application/json response (regression).
      Credit to Ben Davis for original discovery and Emanuele Gentili for regression discovery.
    - [43322] Medium Memory error in video handling. Credit to Mark Dowd under contract to Google Chrome Security Team.
    - [43967] High Subresource displayed in omnibox loading. Credit to Michal Zalewski of Google Security Team.
    - [45267] High Memory error in video handling. Credit to Google Chrome Security Team (Cris Neckar).
    - [46126] High Stale pointer in x509-user-cert response. Credit to Rodrigo Marcos of SECFORCE.
    - Drop the XLIB_SKIP_ARGB_VISUALS workaround as it creates regressions. See http://crbug.com/46439
  * Use /usr/bin/chromium-browser in chromium-browser.xml (Closes: #580582)

  [ Fabien Tassin ]
  * Show in about:version when chromium is running on a different distribution than it has been built on
    - update debian/rules
    - rename and update debian/chromium-browser.sh => debian/chromium-browser.sh.in

 -- Giuseppe Iuculano Fri, 25 Jun 2010 10:15:35 +0200

chromium-browser (5.0.375.70~r48679-2) unstable; urgency=low

  [ Fabien Tassin ]
  * Accept 'stable' as value for $(CHANNEL)
    - update debian/rules

  [ Giuseppe Iuculano ]
  * Use the full path in chromium-browser.xml, now Gnome's Preferred Applications doesn't get confused. (Closes: #580582)
  * debian/patches/protobuf.patch: Use system copy of libprotobuf
  * Added protobuf-compiler and libprotobuf-dev in Build-Depends
  * debian/patches/glew.patch: Use system copy of libglewmx (version with support for thread-safe usage of multiple rendering contexts)
  * Added libglewmx1.5-dev in Build-Depends
  * Removed Fabien and Alexander from Uploaders.
  * Updated VCS control fields
  * Fix an infinite recursion crash when trying to wrap media elements without a media player.
    (Closes: #582709)

 -- Giuseppe Iuculano Sun, 13 Jun 2010 22:23:59 +0200

chromium-browser (5.0.375.70~r48679-1) unstable; urgency=low

  [ Fabien Tassin ]
  * Add a --temp-profile knob to the launcher script starting Chromium with a new profile which will last only for the duration of the session
    - update debian/chromium-browser.sh
  * Change StartupWMClass to Chromium-browser in the desktop launcher so cairo-dock does the right thing (LP: #587664)
    - update debian/chromium-browser.desktop
  * Set XLIB_SKIP_ARGB_VISUALS=1 in the wrapper to prevent flash from dying with a Gdk-ERROR when gtk2 is built with RGBA support (like in Maverick). (LP: #584959)
    - update debian/chromium-browser.sh

  [ Giuseppe Iuculano ]
  * New upstream stable release, this release fixes the following security issues:
    - [15766] Medium Cross-origin keystroke redirection.
    - [39985] High Cross-origin bypass in DOM methods.
    - [42723] High Memory error in table layout.
    - [43304] High Linux sandbox escape.
    - [43307] High Bitmap stale pointer.
    - [43315] High Memory corruption in DOM node normalization.
    - [43487] High Memory corruption in text transforms.
    - [43902] Medium XSS in innerHTML property of textarea.
    - [44740] High Memory corruption in font handling.
    - [44868] High Geolocation events fire after document deletion.
    - [44955] High Memory corruption in rendering of list markers.

 -- Giuseppe Iuculano Wed, 09 Jun 2010 12:08:42 +0200

chromium-browser (5.0.375.55~r47796-1) unstable; urgency=low

  * New beta release.
    - This release contains some minor crash and stability fixes.
  * Switch to dpkg-source 3.0 (quilt) format.
  * Don't use a tar.lzma-in-a-tar.gz
    - Now debian/rules binary works (Closes: #580535)
  * Refreshed patches and removed zoom_incognito.patch (applied upstream)
  * Removed quilt from Build-Depends
  * Build-depends on libv8-dev >= 2.2.7 and fix build-depends-on-1-revision lintian warning

 -- Giuseppe Iuculano Sun, 23 May 2010 23:22:16 +0200

chromium-browser (5.0.375.38~r46659-2) unstable; urgency=low

  [ Fabien Tassin ]
  * Unbreak get-orig-source when it needs to drop its cache after a channel jump (replace brace expansion - which is a bashism - with proper $(wildcard))
    - update debian/rules

  [ Giuseppe Iuculano ]
  * chromium-browser-inspector: demoted chromium-browser to Recommend and avoid circular dependency (Closes: #581743)
  * Tell Chromium to look in /etc/chromium-browser for the master_preferences file
    - update debian/patches/series
    - add debian/patches/prefs.patch
  * Ship a custom first-run preferences file
    - update debian/chromium-browser.install
    - add debian/master_preferences
  * Removed g++-4.3 | g++-4.2 from Build-Depends
    - update debian/control
  * Removed the icon field from the menu file
    - update debian/chromium-browser.menu
  * Removed libc6-dev-i386 [amd64] and g++-multilib [amd64] from Build-Depends
    - update debian/control
  * Install a presubj bug file
    - update debian/chromium-browser.install
    - add debian/presubj
  * Forget zoom levels set/changed in incognito mode
    - add debian/patches/zoom_incognito.patch
    - update debian/patches/series

 -- Giuseppe Iuculano Tue, 18 May 2010 23:52:40 +0200

chromium-browser (5.0.375.38~r46659-1) unstable; urgency=low

  [ Giuseppe Iuculano ]
  * Use system copy of libv8
    - update debian/control
    - update debian/patches/series
    - update debian/patches/system_v8.patch
    - update debian/rules
  * Build-depends on libv8-dev >= 2.2.7
    See http://code.google.com/p/v8/issues/detail?id=506
    - update debian/control
  * Recognize iceweasel in about:memory
    - update debian/patches/series
    - add debian/patches/memory_iceweasel.patch
  * Set arch to i386 amd64 armel mips
  * New beta release
    - In addition to crash and stability fixes, this release also includes a localization refresh
  * Upload in unstable

  [ Andres Mejia ]
  * Be able to use system ffmpeg-0.5.1. (Closes: #580947)

 -- Giuseppe Iuculano Thu, 13 May 2010 11:31:32 +0200

chromium-browser (5.0.375.29~r46008-3) experimental; urgency=low

  * Include system copy of prtime.h
    - add debian/patches/nspr.patch
    - update debian/patches/series
  * Use system libicu
    - add debian/patches/system-icu.patch
  * webkit needs to call nss to pull in nspr headers
    - add debian/patches/nss.patch
    - update debian/patches/series
  * Oops, libavutil50 is not yet in Debian, removed from depends (Closes: #580769)
    - update debian/control
  * Include system copy of expat.h
    - update debian/patches/series
    - add debian/patches/expat.patch

 -- Giuseppe Iuculano Sun, 09 May 2010 11:34:10 +0200

chromium-browser (5.0.375.29~r46008-2) experimental; urgency=low

  * Do not pre-depend on lzma. Thanks to Sven Joachim. (Closes: #580485)
    - update debian/control
  * Do not force -j$(PROCESSORS), use DEB_BUILD_OPTIONS's parallel=n option instead so the person doing the build can decide how many processes to run in parallel. (Closes: #580490)
    - update debian/rules
  * Reintroduce add_enable_sse2_flag.patch (Closes: #580608)
    - update debian/rules
    - update debian/patches/add_enable_sse2_flag.patch
    - update debian/patches/series
  * Added a Debian menu file (Closes: #580591)
    - add debian/chromium-browser.menu
  * Use system yasm
    - update debian/rules
    - update debian/control
  * Removed DEB_MAKE_EXTRA_ARGS, we already use DEB_MAKE_ENVVARS for parallel build
    - update debian/rules
  * Set use_system_ffmpeg and symlink libavcodec libavformat and libavutil.
    This enables HTML5 video (Closes: 580610)
    - update debian/rules
    - update debian/patches/series
    - add debian/chromium-browser.links
    - add debian/patches/ffmpeg-no-pkgconfig.patch
    - add debian/patches/ffmpegfix.patch
  * Added libavcodec52, libavformat52 and libavutil50 in Depends
    - update debian/control

 -- Giuseppe Iuculano Sat, 08 May 2010 00:41:38 +0200

chromium-browser (5.0.375.29~r46008-1) experimental; urgency=low

  [ Giuseppe Iuculano ]
  * Switch to system libs and enabled libxml
    - update debian/rules
  * Use system libevent, libicu and libxslt
    - update debian/rules
    - update debian/control
  * New upstream release from the Beta Channel
  * Fixed a typo in the maintainer field
    - update debian/control
  * Removed ubuntu_dont_overwrite_default_download_directory.patch, the default download location can be set via the options dialog
    - update debian/patches/series
    - removed ubuntu_dont_overwrite_default_download_directory.patch
  * use dh_install --list-missing
    - update debian/rules
  * Updated VCS control field, at this moment is a private branch on launchpad
    - update debian/control
  * Updated debian/copyright and fixed glitches pointed out by ftpmaster
    - update debian/copyright
    - update debian/copyright.problems
  * Added a strict depend in chromium-browser-inspector
    - update debian/control

  [ Fabien Tassin ]
  * Add app_unittests_strings to INSTALL_EXCLUDE_DIRS
    - update debian/rules
  * Add a gnome-www-browser alternative (LP: #571103)
    - update debian/chromium-browser.{postinst,prerm}
  * Build with build_ffmpegsumo=0 instead of use_system_ffmpeg=1 (which now means something else)
    - update debian/rules
  * Install resources/{bookmark_manager,net_internals} in the main deb
    - update debian/chromium-browser.install
  * Drop the sse2 patch, it has been applied upstream, and set disable_sse2
    - drop debian/patches/drop_sse2.patch
    - update debian/patches/series
    - update debian/rules
  * Add app_unittests_strings, resources/{calendar_app,docs_app,gmail_app} and pyproto to INSTALL_EXCLUDE_DIRS
    - update debian/rules

 -- Giuseppe Iuculano Thu, 06 May 2010 12:01:07 +0200

chromium-browser (5.0.342.9~r43360-1) experimental; urgency=low

  [ Fabien Tassin ]
  * Add xdg-utils to Depends (LP: #568984)
    - update debian/control
  * Disable DLOG and DCHECK. This should improve performances.
    - update debian/rules

  [ Giuseppe Iuculano ]
  * Replace xbase-clients with x11-apps in build-depends
    - update debian/control
  * Bump debhelper compatibility to 7
    - update debian/control
    - update debian/compat
  * Bump to Standards-Version 3.8.4, no changes needed
    - update debian/control
  * Removed the strict depends in chromium-browser-l10n, and made chromium-browser safely binNMUable
    - update debian/control
  * Set Priority extra for chromium-browser-dbg
    - update debian/control
  * Added the debhelper token in prerm and postinst scripts
    - update debian/chromium-browser.postinst
    - update debian/chromium-browser.prerm
  * Removed cdbs cruft and fix patch-system-but-direct-changes-in-diff lintian warning
    - update debian/rules
  * Build-depends on coreutils >= 7.5 | timeout
    - update debian/control
  * Use lzma only in Ubuntu, this is not yet permitted in the Debian archive
    - update debian/rules
  * Move chromium-browser-dbg in debug section and improve its extended description
    - update debian/control
  * Set CHROME_VERSION_EXTRA to Debian in the Debian package
    - update debian/rules
  * Updated Maintainer and Uploader lists
    - update debian/control
  * Upload to experimental (Closes: #520324)
  * Removed chromium-codecs-ffmpeg from Depends
    - update debian/control

 -- Giuseppe Iuculano Mon, 26 Apr 2010 15:03:00 +0200

chromium-browser (5.0.342.9~r43360-0ubuntu2) lucid; urgency=low

  [ Fabien Tassin ]
  * Mention 'Chrome' in the main package description (LP: #561667)
    - update debian/control
  * When 'gclient update' fails, clear up the cache and retry.
    This helps the channels updates often failing with a "Can't switch the checkout" error
    - update debian/rules

  [ Chris Coulson ]
  * Update the default search URL
    - update debian/rules

 -- Fabien Tassin Fri, 16 Apr 2010 17:36:29 +0200

chromium-browser (5.0.342.9~r43360-0ubuntu1) lucid; urgency=low

  * New upstream release from the Beta Channel
    - Fix extensions installer where some extensions cannot be installed (issue 38220)
  * Don't build with system zlib on Intrepid/Jaunty (needed to unbreak the backports). See http://crbug.com/38073
    - update debian/rules

 -- Fabien Tassin Wed, 07 Apr 2010 21:02:55 +0200

chromium-browser (5.0.342.7~r42476-0ubuntu1) lucid; urgency=low

  * New upstream release from the Beta Channel
    - fix an issue with Google SSL sites failing with 'error 107 (net::ERR_SSL_PROTOCOL_ERROR)' (issue 37722)
    - Automatic translations and greater control over content for privacy
    - Really, really reload. A normal reload causes the browser to check with the server before reusing its cached content. The server can decide whether or not the browser should use its cached content. A force reload causes the browser to ignore its cached content and ask the server for a fresh copy of the page. Use Shift+Reload to force a reload.
  * Add libdbus-glib-1-dev to Build-Depends
    - update debian/control
  * Move third_party/gles2_book from STRIPPED_DIRS to ALMOST_STRIPPED_DIRS as we now need its gyp file (but nothing else)
    - update debian/rules
  * Bump gyp requirement to >= 0.1~svn795, it's needed for the new syntax
    - update debian/control
  * Add 'timestats' to INSTALL_EXCLUDE_FILES
    - update debian/rules
  * Import translations and mime-types from the upstream desktop file
    Thanks to Julien Lavergne (LP: #538664)
    - update debian/chromium-browser.desktop
  * Import the free SVG logo from the Chromium website and install it in /usr/share/icons/hicolor/scalable/apps (LP: #528640)
    - add debian/chromium-browser.svg
    - update debian/rules
  * Move chromium-browser-inspector to Depends, it breaks some features when it's not installed
    - update debian/control
  * Rename chromium-codecs-ffmpeg-nonfree into chromium-codecs-ffmpeg-extra and move the two codecs back to Depends (LP: #537617, #513776)
    - update debian/control

 -- Fabien Tassin Thu, 25 Mar 2010 08:22:40 +0100

chromium-browser (5.0.307.11~r39572-0ubuntu1) lucid; urgency=low

  * New upstream release from the Beta Channel
    - Fixed an issue where an error resolving a proxy server would not try a direct connection. (Issue 32316)
    - Fixed an extensions bug that could crash the entire browser. (Issue 34778)
    - Fixed an issue in the cross-site scripting auditor that could prevent Google translate from working on sites. (Issue 33115)

 -- Fabien Tassin Sat, 27 Feb 2010 17:07:23 +0100

chromium-browser (5.0.307.9~r39052-0ubuntu1) lucid; urgency=low

  * New upstream release from the Beta Channel
    - Fixed a tab crash that could be triggered by visiting wordpress.com, http://acid3.acidtests.org/, and many other sites. (Issue 35498)
    - Fixed a tab crash in image loading. (Issue 32230)
    - Improved font bolding for fonts without native bold.
      (Issue 22360)
  * Bump gyp Build-Depends to >= 0.1~svn785
    - update debian/control
  * Add --no-circular-check to gyp_chromium to prevent gyp from failing
    - update debian/rules

 -- Fabien Tassin Thu, 18 Feb 2010 00:20:07 +0100

chromium-browser (5.0.307.7~r38400+0-0ubuntu1) lucid; urgency=low

  * Disable WANT_SYSTEM_LIBS since it makes Gmail/GCal crash (libxml, libxslt, ..). See http://crbug.com/34725 (LP: #522078)
    - update debian/rules

 -- Fabien Tassin Mon, 15 Feb 2010 12:17:07 +0100

chromium-browser (5.0.307.7~r38400-0ubuntu1) lucid; urgency=low

  * New upstream release from the Beta Channel
  * Re-add the -l10n strict version dependency on chromium-browser
    - update debian/control

 -- Fabien Tassin Fri, 12 Feb 2010 22:00:39 +0100

chromium-browser (5.0.307.5~r37950+0-0ubuntu1) lucid; urgency=low

  * Drop third_party/libxml from STRIPPED_SYSTEM_LIB_DIRS
    - update debian/rules

 -- Fabien Tassin Wed, 10 Feb 2010 18:46:55 +0100

chromium-browser (5.0.307.5~r37950-0ubuntu1) lucid; urgency=low

  * Add libxss-dev to Build-Depends, the new browser sync engine needs X11/extensions/scrnsaver.h
    - update debian/control
  * Add a safety net to get-orig-source when fetching sources for a channel
    - update debian/rules

 -- Fabien Tassin Tue, 09 Feb 2010 17:07:18 +0100

chromium-browser (4.0.305.0~svn20100123r36929-0ubuntu1) lucid; urgency=low

  [ Fabien Tassin ]
  * Initial release. (Closes: #520324, LP: #387765)

  [ Alexander Sack ]
  * extensive license review; see copyright and copyright.problems; also see debian/licensecheck.pl for details how the copyright files are generated
  * address archive-admin comments:
    + add "Paul Hsieh's Public Domain Option" license snippet and mark net/disk_cache/hash.cc to be governed by that; recreate copyright*
      - add debian/licenses/LICENSE.Paul Hsieh's Public Domain Option
      - update debian/licensecheck.pl
      - update debian/copyright
      - update debian/copyright.problems

 -- Fabien Tassin Tue, 26 Jan 2010 17:43:19 +0100